CVE-2017-5414 Information

Description

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems this can lead to information disclosure such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1319370 https://www.mozilla.org/security/advisories/mfsa2017-05/ https://www.mozilla.org/security/advisories/mfsa2017-09/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5