CVE-2017-7794
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.046
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox (55.0) | Windows |
| Update for Mozilla Firefox x64 (55.0) | Windows |
| Update for Mozilla Firefox (55.0.1) | Windows |
| Update for Mozilla Firefox x64 (55.0.1) | Windows |
| Update for Mozilla Firefox (55.0.2) | Windows |
| Update for Mozilla Firefox x64 (55.0.2) | Windows |
| Update for Mozilla Firefox (55.0.3) | Windows |
| Update for Mozilla Firefox x64 (55.0.3) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.2) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.3) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 54.0.1 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-306197 | Update for Mozilla Firefox (55.0) |
| PATCH-306198 | Update for Mozilla Firefox x64 (55.0) |
| PATCH-306230 | Update for Mozilla Firefox (55.0.1) |
| PATCH-306231 | Update for Mozilla Firefox x64 (55.0.1) |
| PATCH-306259 | Update for Mozilla Firefox (55.0.2) |
| PATCH-306260 | Update for Mozilla Firefox x64 (55.0.2) |
| PATCH-306311 | Update for Mozilla Firefox (55.0.3) |
| PATCH-306312 | Update for Mozilla Firefox x64 (55.0.3) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234