CVE-2017-5425

2018-06-11T21:29:00
ID CVE-2017-5425
Type cve
Reporter cve@mitre.org
Modified 2018-08-09T18:35:00

Description

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.