CVE-2017-5427

{"id": "CVE-2017-5427", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-06-11T21:29:05.407", "references": [{"url": "http://www.securityfocus.com/bid/96692", "tags": ["VDB Entry", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1037966", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295542", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52."}, {"lang": "es", "value": "Un archivo chrome.manifest inexistente intentar\u00e1 cargarse durante el arranque desde el directorio de instalaci\u00f3n primario. Si un usuario malicioso con acceso local coloca chrome.manifest y otros archivos referenciados en este directorio, se cargar\u00e1n y activar\u00e1n durante el arranque. Esto podr\u00eda resultar en que se a\u00f1adir\u00e1 software malicioso sin consentimiento o modificaci\u00f3n de archivos referenciados instalados. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52."}], "lastModified": "2018-08-07T18:06:07.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6239EC26-A3A1-4FD4-B96F-F47B09C0CA00", "versionEndExcluding": "52.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}