Published: 11/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

USN-3391-1 introduced a regression in Firefox ...

This update provides compatible packages for Firefox 55 ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2017-18 Security vulnerabilities fixed in Firefox 55 Announced August 8, 2017 Impact critical Products Firefox Fixed in Firefox 55 ...

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions Note: This attack only affects the Linux operating system Other operating systems are not affected This vulnerability affects Firefo ...

A security issue has been found in Firefox < 550 On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions ...

CWE-276 https://www.mozilla.org/security/advisories/mfsa2017-18/https://bugzilla.mozilla.org/show_bug.cgi?id=1374281 http://www.securitytracker.com/id/1039124 https://nvd.nist.gov https://usn.ubuntu.com/3391-3/

CVE-2017-7794

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect