PT-2017-16473 · Mozilla+5 · Firefox+5

Muneaki Nishimura

Published

2017-01-24

Updated

2024-12-12

CVE-2017-5386

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 45.7 Firefox versions prior to 51

Description The issue allows WebExtension scripts to potentially disclose data or escalate privileges in affected extensions by utilizing the data: protocol to affect pages loaded by other web extensions using this protocol.

Recommendations For Firefox ESR versions prior to 45.7, update to version 45.7 or later. For Firefox versions prior to 51, update to version 51 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2017-1138

ALT-PU-2017-1578

CESA-2017_0190

CVE-2017-5386

DLA-800-1

DSA-3771-1

MGASA-2017-0023

MGASA-2017-0323

OPENSUSE-SU-2017_0358-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

RHSA-2017:0190

RHSA-2017_0190

SUSE-SU-2017:0426-1

SUSE-SU-2017:0427-1

USN-3175-1

USN-3175-2

Affected Products

Alt Linux

Centos

Firefox

Red Hat

Suse

Ubuntu

PT-2017-16473 · Mozilla+5 · Firefox+5

CVE-2017-5386

Related Identifiers

Affected Products

References · 1933