CVE-2017-7821
CRITICAL
Mozilla Firefox < 55.0.3 - Incorrect Permission Assignment
WebExtensions can download and attempt to open a file of some non-executable file types. Both the file download and the open action can be triggered without specific user interaction. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.
References (4)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack)
http://www.securitytracker.com/id/1039465
Vendor Advisory (x_refsource_confirm)
https://www.mozilla.org/security/advisories/mfsa2017-21/
Exploit, Issue Tracking (x_refsource_confirm)
https://bugzilla.mozilla.org/show_bug.cgi?id=1346515
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/101057
Scores
CVSS v3: 9.8
EPSS: 0.0260
EPSS Percentile: 85.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-732
Status: published
Products (1): mozilla/firefox < 55.0.3
Published: Jun 11, 2018
Tracked Since: Feb 18, 2026