Vulnerability Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 55.0 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1039124Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1374281ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-18/Vendor Advisory
- http://www.securitytracker.com/id/1039124Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1374281ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-18/Vendor Advisory
FAQ
What is CVE-2017-7794?
CVE-2017-7794 is a vulnerability with a CVSS score of 7.8 (HIGH). On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no wri...
How severe is CVE-2017-7794?
CVE-2017-7794 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7794?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Linux Linux Kernel.