CVE-2017-7821 — Incorrect Permission Assignment in Mozilla Firefox

CWE-732 — Incorrect Permission Assignment8 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 13

Description

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/firefox< firefox 56.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 56

▶Ubuntumozilla/firefox< 56.0+build6-0ubuntu0.14.04.1+4

▶NVDmozilla/firefox55.0.3

🔴Vulnerability Details

GHSA

GHSA-rg79-6j3q-wm5h: A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types↗2022-05-13

▶

OSV

firefox regression↗2017-10-04

▶

OSV

CVE-2017-7821: A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types↗2017-10-02

▶

OSV

firefox vulnerabilities↗2017-10-02

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-10-04

▶

Ubuntu

Firefox vulnerabilities↗2017-10-02

▶

Debian

CVE-2017-7821: firefox - A vulnerability where WebExtensions can download and attempt to open a file of s...↗2017

▶