CVE-2017-5427

Description

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.098

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (52.0)	Windows
Update for Mozilla Firefox x64 (52.0)	Windows
Update for Mozilla Firefox ESR (52.0.1)	Windows
Update for Mozilla Firefox ESR x64 (52.0.1)	Windows
Update for Mozilla Firefox (52.0.1)	Windows
Update for Mozilla Firefox x64 (52.0.1)	Windows
Mozilla Firefox (52.0.2)	Windows
Mozilla Firefox x64 (52.0.2)	Windows
Update for Mozilla Firefox ESR (52.1.0)	Windows
Update for Mozilla Firefox ESR x64 (52.1.0)	Windows
Update for Mozilla Firefox ESR (52.1.1)	Windows
Update for Mozilla Firefox ESR x64 (52.1.1)	Windows
Update for Mozilla Firefox ESR (52.1.2)	Windows
Update for Mozilla Firefox ESR x64 (52.1.2)	Windows
Update for Mozilla Firefox ESR (52.2.0)	Windows
Update for Mozilla Firefox ESR x64 (52.2.0)	Windows
Update for Mozilla Firefox ESR (52.2.1)	Windows
Update for Mozilla Firefox ESR x64 (52.2.1)	Windows
Update for Mozilla Firefox ESR (52.3.0)	Windows
Update for Mozilla Firefox ESR x64 (52.3.0)	Windows
Update for Mozilla Firefox ESR (52.4.0)	Windows
Update for Mozilla Firefox ESR x64 (52.4.0)	Windows
Update for Mozilla Firefox ESR (52.4.1)	Windows
Update for Mozilla Firefox ESR x64 (52.4.1)	Windows
Update for Mozilla Firefox ESR (52.5.0)	Windows
Update for Mozilla Firefox ESR x64 (52.5.0)	Windows
Update for Mozilla Firefox ESR (52.5.1)	Windows
Update for Mozilla Firefox ESR x64 (52.5.1)	Windows
Update for Mozilla Firefox ESR (52.5.2)	Windows
Update for Mozilla Firefox ESR x64 (52.5.2)	Windows
Update for Mozilla Firefox ESR (52.5.3)	Windows
Update for Mozilla Firefox ESR x64 (52.5.3)	Windows
Updates for Mozilla Firefox ESR (52.6.0)	Windows
Updates for Mozilla Firefox ESR (x64) (52.6.0)	Windows
Updates for Mozilla Firefox ESR (52.7.0)	Windows
Updates for Mozilla Firefox ESR (x64) (52.7.0)	Windows
Updates for Mozilla Firefox ESR (52.7.1)	Windows
Updates for Mozilla Firefox ESR (x64) (52.7.1)	Windows
Updates for Mozilla Firefox ESR (52.7.2)	Windows
Updates for Mozilla Firefox ESR (x64) (52.7.2)	Windows
Updates for Mozilla Firefox ESR (52.7.3)	Windows
Updates for Mozilla Firefox ESR (x64) (52.7.3)	Windows
Updates for Mozilla Firefox ESR (52.7.4)	Windows
Updates for Mozilla Firefox ESR (x64) (52.7.4)	Windows
Updates for Mozilla Firefox ESR (52.8.0)	Windows
Updates for Mozilla Firefox ESR (x64) (52.8.0)	Windows
Updates for Mozilla Firefox ESR (52.8.1)	Windows
Updates for Mozilla Firefox ESR (x64) (52.8.1)	Windows
Updates for Mozilla Firefox ESR (52.9.0)	Windows
Updates for Mozilla Firefox ESR (x64) (52.9.0)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (52.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (52.0.1)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (52.0.2)	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 51.0.3	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304735	Update for Mozilla Firefox x64 (52.0)
PATCH-304794	Update for Mozilla Firefox ESR (52.0.1)
PATCH-304795	Update for Mozilla Firefox ESR x64 (52.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304797	Update for Mozilla Firefox x64 (52.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-305435	Mozilla Firefox x64 (52.0.2)
PATCH-305615	Update for Mozilla Firefox ESR (52.1.0)
PATCH-305616	Update for Mozilla Firefox ESR x64 (52.1.0)
PATCH-305697	Update for Mozilla Firefox ESR (52.1.1)
PATCH-305698	Update for Mozilla Firefox ESR x64 (52.1.1)
PATCH-305773	Update for Mozilla Firefox ESR (52.1.2)
PATCH-305774	Update for Mozilla Firefox ESR x64 (52.1.2)
PATCH-305926	Update for Mozilla Firefox ESR (52.2.0)
PATCH-306017	Update for Mozilla Firefox ESR (52.2.1)
PATCH-306195	Update for Mozilla Firefox ESR (52.3.0)
PATCH-306451	Update for Mozilla Firefox ESR (52.4.0)
PATCH-306503	Update for Mozilla Firefox ESR (52.4.1)
PATCH-307007	Updates for Mozilla Firefox ESR (52.6.0)
PATCH-307012	Updates for Mozilla Firefox ESR (x64) (52.6.0)
PATCH-307244	Updates for Mozilla Firefox ESR (52.7.0)
PATCH-307247	Updates for Mozilla Firefox ESR (x64) (52.7.0)
PATCH-307256	Updates for Mozilla Firefox ESR (52.7.1)
PATCH-307259	Updates for Mozilla Firefox ESR (x64) (52.7.1)
PATCH-307269	Updates for Mozilla Firefox ESR (52.7.2)
PATCH-307273	Updates for Mozilla Firefox ESR (x64) (52.7.2)
PATCH-307307	Updates for Mozilla Firefox ESR (52.7.3)
PATCH-307311	Updates for Mozilla Firefox ESR (x64) (52.7.3)
PATCH-307460	Updates for Mozilla Firefox ESR (52.7.4)
PATCH-307464	Updates for Mozilla Firefox ESR (x64) (52.7.4)
PATCH-307503	Updates for Mozilla Firefox ESR (52.8.0)
PATCH-307508	Updates for Mozilla Firefox ESR (x64) (52.8.0)
PATCH-307643	Updates for Mozilla Firefox ESR (52.8.1)
PATCH-307647	Updates for Mozilla Firefox ESR (x64) (52.8.1)
PATCH-307722	Updates for Mozilla Firefox ESR (52.9.0)
PATCH-307728	Updates for Mozilla Firefox ESR (x64) (52.9.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234