CVE-2017-5426 Information

Description

On Linux if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox 52 and Thunderbird 52.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.securityfocus.com/bid/96694 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1257361 https://www.mozilla.org/security/advisories/mfsa2017-05/ https://www.mozilla.org/security/advisories/mfsa2017-09/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3