Incorrect Permission Assignment for Critical Resource

CVE-2017-7821

High

9.8/10

Summary

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory Timeline

Published Jun 11, 2018

Incorrect Permission Assignment for Critical Resource

CVE-2017-7821

Summary

CWE-732 - Incorrect Permission Assignment for Critical Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS