CVE-2017-5456

Опубликовано: 11 июн. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 7.5

CVSS3: 9.8

Описание

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

Релиз	Статус	Примечание
devel	released	54.0+build3-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [53.0+build6-0ubuntu0.14.04.1]]
precise	ignored
precise/esm	DNE	precise was ignored
trusty	released	53.0+build6-0ubuntu0.14.04.1
trusty/esm	DNE	trusty was released [53.0+build6-0ubuntu0.14.04.1]
upstream	released	53.0
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
xenial	released	53.0+build6-0ubuntu0.16.04.1

Показывать по

Релиз	Статус	Примечание
devel	not-affected
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected]
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	not-affected
trusty/esm	DNE	trusty was not-affected
upstream	not-affected
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
xenial	not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%

0.02265

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2017-5456

CVSS3: 9.8

redhat

больше 8 лет назад

CVE-2017-5456

CVSS3: 9.8

nvd

около 7 лет назад

CVE-2017-5456

CVSS3: 9.8

debian

около 7 лет назад

A mechanism to bypass file system access protections in the sandbox us ...

GHSA-59p4-f6m8-9792

CVSS3: 9.8

github

около 3 лет назад

ELSA-2017-1106

oracle-oval

больше 8 лет назад

ELSA-2017-1106: firefox security update (CRITICAL)

EPSS

Процентиль: 84%

0.02265

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2017-5456

Описание

Пакет firefox

Пакет thunderbird

Ссылки на источники

Связанные уязвимости