admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-54xx/CVE-2017-5456.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

216 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-5456",
"sourceIdentifier": "security@mozilla.org",
"published": "2018-06-11T21:29:06.873",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
},
{
"lang": "es",
"value": "Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox mediante el constructor de peticiones al sistema de archivos mediante un mensaje IPC. Esto permite acceso de lectura y escritura al sistema de archivos local. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 53."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": true,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "53.0",
"matchCriteriaId": "83FECC93-8DC3-41D0-8E53-45E1F4D53321"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52.1.0",
"matchCriteriaId": "A198F107-231C-4DF7-AA34-6138E2EA95E9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/97940",
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1038320",
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1106",
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415",
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink