CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker…

high7.5CVSS 3.0

AVNACLPRNUINSUCHINAN

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 52.0.1-1 (sid)	firefox 52.0.1-1 (sid)
mozilla	firefox	< 53.0	53.0
mozilla	firefox	< 52.1.0	52.1.0
mozilla	firefox	>= 0 < 53.0.2+build1-0ubuntu0.14.04.2	53.0.2+build1-0ubuntu0.14.04.2
mozilla	firefox	>= 0 < 53.0+build6-0ubuntu0.14.04.1	53.0+build6-0ubuntu0.14.04.1
mozilla	firefox	>= 0 < 53.0.2+build1-0ubuntu0.16.04.2	53.0.2+build1-0ubuntu0.16.04.2
mozilla	firefox	>= 0 < 53.0+build6-0ubuntu0.16.04.1	53.0+build6-0ubuntu0.16.04.1
mozilla	firefox	>= unspecified < 53	53
mozilla	firefox_esr	>= unspecified < 52.1	52.1
mozilla	thunderbird	< 52.1.0	52.1.0
mozilla	thunderbird	>= 0 < 1:52.1.1+build1-0ubuntu0.14.04.1	1:52.1.1+build1-0ubuntu0.14.04.1
mozilla	thunderbird	>= 0 < 1:52.1.1+build1-0ubuntu0.16.04.1	1:52.1.1+build1-0ubuntu0.16.04.1
mozilla	thunderbird	>= unspecified < 52.1	52.1
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

osv9.8CRITICAL