Vulnerability Description
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 52.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295542Issue TrackingPatchVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295542Issue TrackingPatchVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
FAQ
What is CVE-2017-5427?
CVE-2017-5427 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced fi...
How severe is CVE-2017-5427?
CVE-2017-5427 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5427?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.