A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96692 | VDB Entry Third Party Advisory |
http://www.securitytracker.com/id/1037966 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1295542 | Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-05/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5427
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:05.407
Modified: 2018-08-07T18:06:07.003
Link: CVE-2017-5427
JSON object: View
Redhat Information
No data.
CWE