CVE-2017-5454

Source
Severity High
Remote Yes
Type Access restriction bypass
Description
A security issue has been found in Firefox < 53 that allows bypassing the file system access protections in the sandbox: through the use of relative paths, the file picker can be used to access files other than those selected in the file picker. This allows read-only access to the local file system.
Group    Package  Affected  Fixed   Severity  Status  Ticket
AVG-249  firefox  52.0.2-1  53.0-1  Critical  Fixed
Date         Advisory      Group    Package  Severity  Description
21 Apr 2017  ASA-201704-6  AVG-249  firefox  Critical  multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5454
https://bugzilla.mozilla.org/show_bug.cgi?id=1349276