CVE-2017-7794
HIGHFirefox < 55.0 - Incorrect Default Permissions via Sandbox Broker
Title source: llmDescription
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1374281
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-18/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039124
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
14.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
mozilla/firefox
< 55.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026