CVE-2017-5425

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
mozillafirefox
𝑥
< 52.0
mozillathunderbird
𝑥
< 52.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96692
http://www.securitytracker.com/id/1037966
https://bugzilla.mozilla.org/show_bug.cgi?id=1322716
https://www.mozilla.org/security/advisories/mfsa2017-05/
https://www.mozilla.org/security/advisories/mfsa2017-09/
http://www.securityfocus.com/bid/96692
http://www.securitytracker.com/id/1037966
https://bugzilla.mozilla.org/show_bug.cgi?id=1322716
https://www.mozilla.org/security/advisories/mfsa2017-05/
https://www.mozilla.org/security/advisories/mfsa2017-09/