Critical severity9.8NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-5456
CVE-2017-5456
Description
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
51<52.1+ 2 more
- (no CPE)range: <52.1
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- osv-coords48 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/firefox-gcc5&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/firefox-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/firefox-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/firefox-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/firefox-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 128.5.1-1.1+ 47 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 5.3.1+r233831-7.1
- (no CPE)range: < 52-24.3.44
- (no CPE)range: < 52-24.3.44
- (no CPE)range: < 52-24.3.44
- (no CPE)range: < 52-24.3.44
- (no CPE)range: < 52-24.3.44
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52-31.1
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-72.5.2
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 52.2.0esr-108.3
- (no CPE)range: < 3.29.5-47.3.2
- (no CPE)range: < 3.29.5-47.3.2
- (no CPE)range: < 3.29.5-47.3.2
- (no CPE)range: < 3.29.5-47.3.2
- (no CPE)range: < 3.29.5-47.3.2
- (no CPE)range: < 3.29.5-47.3.2
Patches
Vulnerability mechanics
References
6- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingPatchVendor Advisory
- www.securityfocus.com/bid/97940nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038320nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1106nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2017-10/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-12/nvdVendor Advisory
News mentions
0No linked articles in our index yet.