CVE-2017-5427

medium

Description

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

References

https://www.mozilla.org/security/advisories/mfsa2017-05/

https://bugzilla.mozilla.org/show_bug.cgi?id=1295542

http://www.securitytracker.com/id/1037966

http://www.securityfocus.com/bid/96692

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2018-08-07

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium