PT-2018-8248 · Mozilla+1 · Firefox+1

Jim Chen

Published

2017-03-20

Updated

2019-10-03

CVE-2017-5397

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 51.0.3

Description: The issue arises from the cache directory on the local file system being set to world writable, allowing Firefox to extract libraries from this cache. This setup enables a potentially installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions.

Recommendations: For versions prior to 51.0.3, update to version 51.0.3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829

Related Identifiers

ALT-PU-2017-1322

ALT-PU-2017-1578

CVE-2017-5397

Affected Products

Alt Linux

Firefox

PT-2018-8248 · Mozilla+1 · Firefox+1

CVE-2017-5397

Weakness Enumeration

Related Identifiers

Affected Products

References · 5