VDB
CVE-2017-5427
CVE-2017-5427
PUBLISHED
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
EPSS 0.10% · 27.0th percentile
Risk Scores
EPSS Score
0.10%
27.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | firefox | 0, 41.0.2+build2-0ubuntu1, 42.0+build2-0ubuntu1 |
| Ubuntu:14.04:LTS | firefox | 40.0.3+build1-0ubuntu0.14.04.1, 41.0+build3-0ubuntu0.14.04.1, * |
Timeline
- Mar 7, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5427 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427 third-party-advisory
- https://ubuntu.com/security/notices/USN-3216-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5427 third-party-advisory