Home > Vulnerability Database > CVE-2017-5427

Mend.io Vulnerability Database

CVE-2017-5427

Good to know:

Date: June 11, 2018

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

Language: Unix

Severity Score

5.5

Related Resources (7)

Url: https://www.mozilla.org/security/advisories/mfsa2017-05/

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-5427

Url: http://www.securitytracker.com/id/1037966

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1295542

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-5427

Url: http://www.securityfocus.com/bid/96692

Url: https://www.mend.io/vulnerability-database/CVE-2017-5427

Severity Score

5.5

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

Upgrade Version

Upgrade to version firefox - 52.0-1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-5427

Good to know:

Date: June 11, 2018

Language: Unix

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?