CVE-2017-5427
MEDIUM
Firefox < 52.0 - Unauthenticated Arbitrary Code Execution via Chrome Manifest File Injection
Title source: llm
Description
During startup, Firefox attempts to load a chrome.manifest file from the primary installation directory, although no such file exists there. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or in modification of referenced installed files. This vulnerability affects Firefox < 52.
References (4)
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1295542
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-05/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037966
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96692
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
26.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-362
Status
published
Products (1)
mozilla/firefox
< 52.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026