cbcvebase.
CVE-2017-5414
published 2018-06-11

CVE-2017-5414: The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information…

PriorityP421medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EPSS
0.33%
25.1th percentile
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 52.0-1 (sid)firefox 52.0-1 (sid)
mozillafirefox< 52.052.0
mozillafirefox>= 0 < 52.0+build2-0ubuntu0.14.04.152.0+build2-0ubuntu0.14.04.1
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.14.04.152.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 52.0+build2-0ubuntu0.16.04.152.0+build2-0ubuntu0.16.04.1
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.16.04.152.0.2+build1-0ubuntu0.16.04.1
mozillafirefox>= unspecified < 5252
mozillathunderbird< 52.052.0
mozillathunderbird>= unspecified < 5252

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:C/I:N/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.