CVE-2017-5456
First published: Wed Apr 19 2017(Updated: )
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <52.1 | 52.1 |
| Mozilla Firefox | <53 | 53 |
| Red Hat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Mozilla Firefox | <53.0 | |
| Mozilla Firefox ESR | <52.1.0 | |
| debian/firefox | 135.0.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344415
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://access.redhat.com/errata/RHSA-2017:1106
- http://www.securityfocus.com/bid/97940
- http://www.securitytracker.com/id/1038320
- https://launchpad.net/bugs/cve/CVE-2017-5456
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5456
- https://bugzilla.redhat.com/show_bug.cgi?id=1443297
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2016-10196
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5456
- https://nvd.nist.gov/vuln/detail/CVE-2017-5456
- https://security-tracker.debian.org/tracker/CVE-2017-5456
- https://ubuntu.com/security/CVE-2017-5456
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-5433
- CVE-2017-5435
- CVE-2017-5436
- CVE-2017-5461
- CVE-2017-5459
- CVE-2017-5466
- CVE-2017-5434
- CVE-2017-5432
- CVE-2017-5460
- CVE-2017-5438
- CVE-2017-5439
- CVE-2017-5440
- CVE-2017-5441
- CVE-2017-5442
- CVE-2017-5464
- CVE-2017-5443
- CVE-2017-5444
- CVE-2017-5446
- CVE-2017-5447
- CVE-2017-5465
- CVE-2017-5448
- CVE-2016-10196
- CVE-2017-5454
- CVE-2017-5455
- CVE-2017-5456
- CVE-2017-5469
- CVE-2017-5445
- CVE-2017-5449
- CVE-2017-5451
- CVE-2017-5462
- CVE-2017-5467
- CVE-2017-5430
- CVE-2017-5429
- CVE-2017-5450
- CVE-2017-5463
- CVE-2017-5452
- CVE-2017-5453
- CVE-2017-5458
- CVE-2017-5468
Frequently Asked Questions
What is the severity of CVE-2017-5456?
CVE-2017-5456 is classified as a high severity vulnerability that allows unauthorized access to the local file system.
How do I fix CVE-2017-5456?
To fix CVE-2017-5456, update Firefox ESR to version 52.2 or later, or Firefox to version 53.0 or later.
Which versions of Firefox are affected by CVE-2017-5456?
CVE-2017-5456 affects Firefox versions earlier than 53 and Firefox ESR versions up to and including 52.1.
Is CVE-2017-5456 present in Red Hat Enterprise Linux?
Yes, CVE-2017-5456 can affect Red Hat Enterprise Linux versions 7.0, 7.3, 7.4, and 7.5 that include vulnerable Firefox packages.
What is the impact of CVE-2017-5456 on users?
The impact of CVE-2017-5456 is that it allows a malicious actor to bypass file system access protections, potentially leading to unauthorized data access.
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-5456
- agent/weakness
- agent/remedy
- agent/severity
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/tags
- agent/author
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- package-manager/debian