A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97940 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038320 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1106 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:1201 | Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1349276 | Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-10/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-12/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-13/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5454
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:06.750
Modified: 2018-08-09T15:34:52.687
Link: CVE-2017-5454
JSON object: View
Redhat Information
No data.
CWE