CVE-2017-5425

EPSS 2.0%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 jun 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Productos afectados

Mozilla · Firefox Mozilla · Thunderbird

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.mozilla.org/show_bug.cgi?id=1322716 https://www.mozilla.org/security/advisories/mfsa2017-05/https://www.mozilla.org/security/advisories/mfsa2017-09/http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966