CVE-2017-5397

critical

Description

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.

References

https://www.mozilla.org/security/advisories/mfsa2017-04/

https://bugzilla.mozilla.org/show_bug.cgi?id=1337304

http://www.securityfocus.com/bid/96144

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00585