PT-2017-3682 · Mozilla+2 · Firefox+2

Alex Gaynor

Published

2017-07-07

Updated

2024-12-12

CVE-2018-5107

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58

Description: The printing process in Firefox can bypass local access protections to read files available through symlinks, potentially exposing some local file information. Although the printing process requires files in a specific format, limiting the ability to read arbitrary data, it is still possible for an attacker to gain unauthorized access to protected information using symlinks.

Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider restricting the use of symlinks in the printing process to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2018-1178

ALT-PU-2018-1854

BDU:2018-00875

CVE-2018-5107

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3544-1

USN-3544-2

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2017-3682 · Mozilla+2 · Firefox+2

CVE-2018-5107

Weakness Enumeration

Related Identifiers

Affected Products

References · 1910