CVE-2017-7794Incorrect Default Permissions in Mozilla Firefox

CWE-276Incorrect Default PermissionsCWE-250Execution with Unnecessary Privileges12 documents7 sources
Severity
7.8HIGHNVD
OSV9.1
EPSS
0.0%
top 86.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJun 11
Latest updateMay 13

Description

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/firefox< firefox 55.0-1 (sid)
CVEListV5mozilla/firefoxunspecified55
NVDmozilla/firefox< 55.0
Ubuntumozilla/firefox< 55.0.1+build2-0ubuntu0.14.04.2+3

🔴Vulnerability Details

5
GHSA
GHSA-p52p-vjgp-j832: On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only h2022-05-13
OSV
firefox regression2017-08-17
OSV
ubufox update2017-08-16
OSV
firefox vulnerabilities2017-08-15
OSV
CVE-2017-7794: On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only h2017-08-10

📋Vendor Advisories

5
Ubuntu
Firefox regression2017-08-17
Ubuntu
Ubufox update2017-08-16
Ubuntu
Firefox vulnerabilities2017-08-15
Red Hat
Mozilla: Linux file truncation via sandbox broker (MFSA 2017-18)2017-08-08
Debian
CVE-2017-7794: firefox - On Linux systems, if the content process is compromised, the sandbox broker will...2017

💬Community

1
Bugzilla
CVE-2017-7794 Mozilla: Linux file truncation via sandbox broker (MFSA 2017-18)2017-08-08