CVE-2017-5425

EPSS 2.0%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Jun 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Affected products

Mozilla · Firefox Mozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1322716 https://www.mozilla.org/security/advisories/mfsa2017-05/https://www.mozilla.org/security/advisories/mfsa2017-09/http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966