CVE-2017-5426 — Incorrect Permission Assignment in Mozilla Firefox

CWE-732 — Incorrect Permission Assignment8 documents5 sources

Severity

5.3MEDIUMNVD

OSV9.8

EPSS

0.3%

top 46.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 13

Description

On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶debiandebian/firefox< firefox 52.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 52

▶NVDmozilla/firefox< 52.0

▶CVEListV5mozilla/thunderbirdunspecified — 52

▶NVDmozilla/thunderbird< 52.0

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-r4j3-22gw-qmpm: On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be app↗2022-05-13

▶

OSV

firefox regression↗2017-03-30

▶

OSV

firefox vulnerabilities↗2017-03-07

▶

OSV

CVE-2017-5426: On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be app↗2017-03-07

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-03-30

▶

Ubuntu

Firefox vulnerabilities↗2017-03-07

▶

Debian

CVE-2017-5426: firefox - On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when ...↗2017

▶