A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97940 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038320 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1106 | Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1344415 | Exploit Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-10/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-12/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5456
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:06.873
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-5456
JSON object: View
Redhat Information
No data.
CWE