← Back to CVEs
CVE-2017-5456
N/ADescription
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
CVE Details
CVSS v3.1 ScoreN/A
Published6/11/2018
Last Modified11/25/2025
Sourcenvd
Honeypot Sightings0
Affected Products
mozilla:firefoxredhat:enterprise_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_workstation
Weaknesses (CWE)
CWE-732
References
http://www.securityfocus.com/bid/97940(security@mozilla.org)
http://www.securitytracker.com/id/1038320(security@mozilla.org)
https://access.redhat.com/errata/RHSA-2017:1106(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1344415(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2017-10/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2017-12/(security@mozilla.org)
http://www.securityfocus.com/bid/97940(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038320(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1106(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1344415(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-10/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-12/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.