A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96692 | VDB Entry Third Party Advisory |
http://www.securitytracker.com/id/1037966 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1295542 | Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-05/ | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-06-11 21:29
Updated : 2018-08-07 18:06
NVD link : CVE-2017-5427
Mitre link : CVE-2017-5427
CVE.ORG link : CVE-2017-5427
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')