PT-2017-4020 · Mozilla+2 · Firefox+2

Abdulrahman Alqabandi

Published

2017-03-11

Updated

2024-12-12

CVE-2017-7821

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 56

Description The issue is related to insufficient permission checks for a critical resource in the WebExtensions module of Mozilla Firefox. This could allow a remote attacker to elevate their privileges. Additionally, WebExtensions can download and attempt to open certain non-executable file types without specific user interaction, potentially triggering known vulnerabilities in programs that handle those document types.

Recommendations For versions prior to 56, update to a version that contains a fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of WebExtensions to minimize the risk of exploitation. Avoid using WebExtensions to download and open files of non-executable types until the issue is resolved.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALT-PU-2017-2437

ALT-PU-2018-1854

BDU:2021-00179

CVE-2017-7821

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3435-1

USN-3435-2

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2017-4020 · Mozilla+2 · Firefox+2

CVE-2017-7821

Weakness Enumeration

Related Identifiers

Affected Products

References · 1896