CVE-2017-5456

Source
Severity High
Remote Yes
Type Arbitrary filesystem access
Description
A security issue has been found in Firefox < 53, allowing to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.
Group Package Affected Fixed Severity Status Ticket
AVG-249 firefox 52.0.2-1 53.0-1 Critical Fixed
Date Advisory Group Package Severity Description
21 Apr 2017 ASA-201704-6 AVG-249 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5456
https://bugzilla.mozilla.org/show_bug.cgi?id=1344415