CVE-2017-5397 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-5397 Interim 1 16 2023-02-10T02:21:59Z current 2021-05-30T13:52:17Z 2023-02-10T02:21:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-5397 The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 MozillaFirefox MozillaFirefox-devel MozillaFirefox-translations MozillaFirefox-translations-common MozillaFirefox-translations-other MozillaFirefox as a component of SUSE Linux Enterprise Desktop 12 SP1 MozillaFirefox-translations as a component of SUSE Linux Enterprise Desktop 12 SP1 MozillaFirefox as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata MozillaFirefox as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata MozillaFirefox as a component of SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox-translations-common as a component of SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox-translations-other as a component of SUSE Linux Enterprise Server 11 SP4-LTSS MozillaFirefox as a component of SUSE Linux Enterprise Server 12 SP1 MozillaFirefox-translations as a component of SUSE Linux Enterprise Server 12 SP1 MozillaFirefox as a component of SUSE Linux Enterprise Server 12 SP2 MozillaFirefox-translations as a component of SUSE Linux Enterprise Server 12 SP2 MozillaFirefox-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 MozillaFirefox as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 MozillaFirefox-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 MozillaFirefox as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. CVE-2017-5397 SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations SUSE Linux Enterprise Server 11 SP1 for Teradata:MozillaFirefox SUSE Linux Enterprise Server 11 SP3 for Teradata:MozillaFirefox SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other SUSE Linux Enterprise Server 12 SP1:MozillaFirefox SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations SUSE Linux Enterprise Server 12 SP2:MozillaFirefox SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H