CVE-2017-5454

MEDIUM

Description

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

References

http://www.securityfocus.com/bid/97940

http://www.securitytracker.com/id/1038320

https://access.redhat.com/errata/RHSA-2017:1106

https://access.redhat.com/errata/RHSA-2017:1201

https://bugzilla.mozilla.org/show_bug.cgi?id=1349276

https://www.mozilla.org/security/advisories/mfsa2017-10/

https://www.mozilla.org/security/advisories/mfsa2017-12/

https://www.mozilla.org/security/advisories/mfsa2017-13/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-09

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
102694	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)	Nessus	SuSE Local Security Checks	high
101460	Virtuozzo 6 : thunderbird (VZLSA-2017-1201)	Nessus	Virtuozzo Local Security Checks	high
101457	Virtuozzo 7 : firefox (VZLSA-2017-1106)	Nessus	Virtuozzo Local Security Checks	high
101055	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)	Nessus	SuSE Local Security Checks	high
100688	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1093)	Nessus	Huawei Local Security Checks	high
100687	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1092)	Nessus	Huawei Local Security Checks	high
100249	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3278-1)	Nessus	Ubuntu Local Security Checks	high
100153	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)	Nessus	Ubuntu Local Security Checks	high
100065	CentOS 6 / 7 : thunderbird (CESA-2017:1201)	Nessus	CentOS Local Security Checks	high
100049	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
100045	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-1201)	Nessus	Oracle Linux Local Security Checks	high
100021	RHEL 6 / 7 : thunderbird (RHSA-2017:1201)	Nessus	Red Hat Local Security Checks	high
100020	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)	Nessus	SuSE Local Security Checks	critical
99968	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99967	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99632	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus	Windows	high
99631	Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99629	Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99628	Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99626	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)	Nessus	Ubuntu Local Security Checks	high
99619	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
700065	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
99572	RHEL 7 : firefox (RHSA-2017:1106)	Nessus	Red Hat Local Security Checks	high
99565	Oracle Linux 7 : firefox (ELSA-2017-1106)	Nessus	Oracle Linux Local Security Checks	high
99539	CentOS 7 : firefox (CESA-2017:1106)	Nessus	CentOS Local Security Checks	high
99496	FreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)	Nessus	FreeBSD Local Security Checks	high