CVE-2017-5427

LOW

Description

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

References

http://www.securityfocus.com/bid/96692

http://www.securitytracker.com/id/1037966

https://bugzilla.mozilla.org/show_bug.cgi?id=1295542

https://www.mozilla.org/security/advisories/mfsa2017-05/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-07

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM