CVE-2017-5427 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition8 documents5 sources

Severity

5.5MEDIUMNVD

OSV9.8

EPSS

0.1%

top 73.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 14

Description

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/firefox< firefox 52.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 52

▶NVDmozilla/firefox< 52.0

▶Ubuntumozilla/firefox< 52.0+build2-0ubuntu0.14.04.1+3

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-g22c-72wp-3974: A non-existent chrome↗2022-05-14

▶

OSV

firefox regression↗2017-03-30

▶

OSV

CVE-2017-5427: A non-existent chrome↗2017-03-07

▶

OSV

firefox vulnerabilities↗2017-03-07

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-03-30

▶

Ubuntu

Firefox vulnerabilities↗2017-03-07

▶

Debian

CVE-2017-5427: firefox - A non-existent chrome.manifest file will attempt to be loaded during startup fro...↗2017

▶