What is the severity of CVE-2017-5381?

CVE-2017-5381 is considered a moderate severity vulnerability due to its potential for unauthorized file system access.

How do I fix CVE-2017-5381?

To fix CVE-2017-5381, update Mozilla Firefox to version 51.0 or later.

What impact does CVE-2017-5381 have on Mozilla Firefox users?

CVE-2017-5381 allows attackers to manipulate the export functionality to save sensitive certificate data in unsafe locations.

Which versions of Firefox are affected by CVE-2017-5381?

CVE-2017-5381 affects all versions of Mozilla Firefox prior to 51.0.

Is there a workaround for CVE-2017-5381 pending a software update?

There is no official workaround for CVE-2017-5381; users are advised to update Firefox as soon as possible.

Vulnerability/
CVE-2017-5381

high

7.5

CWE

24/1/2017

11/6/2018

5/8/2024

CVE-2017-5381: Path Traversal

First published: Tue Jan 24 2017(Updated: )

The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Firefox	<51	51
Firefox	<51.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

MFSA2017-01

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2017-5381?
CVE-2017-5381 is considered a moderate severity vulnerability due to its potential for unauthorized file system access.
How do I fix CVE-2017-5381?
To fix CVE-2017-5381, update Mozilla Firefox to version 51.0 or later.
What impact does CVE-2017-5381 have on Mozilla Firefox users?
CVE-2017-5381 allows attackers to manipulate the export functionality to save sensitive certificate data in unsafe locations.
Which versions of Firefox are affected by CVE-2017-5381?
CVE-2017-5381 affects all versions of Mozilla Firefox prior to 51.0.
Is there a workaround for CVE-2017-5381 pending a software update?
There is no official workaround for CVE-2017-5381; users are advised to update Firefox as soon as possible.

agent/type
agent/first-publish-date
agent/author
agent/weakness
agent/severity
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/mozilla-advisory
agent/software-canonical-lookup-request
source/Mozilla
agent/software-canonical-lookup
collector/nvd-index
agent/softwarecombine
vendor/mozilla
canonical/firefox

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.