CVE-2017-5427
Last modified
CVE-2017-5427 is a vulnerability of currently unknown severity. A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 52.0 |
References
- http://www.securityfocus.com/bid/96692Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037966Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295542Issue Tracking, Patch, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- http://www.securityfocus.com/bid/96692Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037966Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295542Issue Tracking, Patch, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5427?
How severe is CVE-2017-5427?
How do I fix CVE-2017-5427?
Are you affected by CVE-2017-5427?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST