Gecko Media Plugin Sandbox Vulnerability: Local File Access on OS X

Gecko Media Plugin Sandbox Vulnerability: Local File Access on OS X

CVE-2017-5425 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Learn more about our Cis Benchmark Audit For Operating Systems.