Vulnerability CVE-2017-5414: Information

Description

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-5414

Published: June 12, 2018

Modified: Aug. 2, 2018

Error type identifier: CWE-200

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	52.0-alt1	127.0-alt1	ALT-PU-2017-1322-1	180581	Fixed
firefox	p10	52.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2017-1322-1	180581	Fixed
firefox	p9	52.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-1322-1	180581	Fixed
firefox	p8	52.0-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2017-1328-1	180622	Fixed
firefox	c10f1	52.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2017-1322-1	180581	Fixed
firefox	c9f2	52.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-1322-1	180581	Fixed
firefox	c7	52.5.3-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2018-1225-1	200642	Fixed
firefox	p11	52.0-alt1	126.0.1-alt1	ALT-PU-2017-1322-1	180581	Fixed
firefox-esr	sisyphus	52.1.1-alt1	115.11.0-alt1	ALT-PU-2017-1578-1	182570	Fixed
firefox-esr	p10	52.1.1-alt1	115.11.0-alt1	ALT-PU-2017-1578-1	182570	Fixed
firefox-esr	p9	52.1.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-1578-1	182570	Fixed
firefox-esr	p8	52.3.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2017-2230-1	188380	Fixed
firefox-esr	c10f1	52.1.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2017-1578-1	182570	Fixed
firefox-esr	c9f2	52.1.1-alt1	102.12.0-alt0.c9.1	ALT-PU-2017-1578-1	182570	Fixed
firefox-esr	p11	52.1.1-alt1	115.11.0-alt1	ALT-PU-2017-1578-1	182570	Fixed
thunderbird	sisyphus	52.0-alt1	115.9.0-alt1	ALT-PU-2017-1447-1	181366	Fixed
thunderbird	p10	52.0-alt1	115.9.0-alt1	ALT-PU-2017-1447-1	181366	Fixed
thunderbird	p9	52.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-1447-1	181366	Fixed
thunderbird	p8	52.3.0-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2017-2238-1	188382	Fixed
thunderbird	c10f1	52.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2017-1447-1	181366	Fixed
thunderbird	c9f2	52.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-1447-1	181366	Fixed
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Fixed
thunderbird	p11	52.0-alt1	115.9.0-alt1	ALT-PU-2017-1447-1	181366	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2017-09/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-05/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1319370	Issue Tracking Vendor Advisory
1037966	Third Party Advisory VDB Entry
96692	Third Party Advisory VDB Entry

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  52.0
  
  Configuration 2
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  52.0

Version: v24.5.3

Vulnerability CVE-2017-5414: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2