CVE-2017-16541

Impact: Moderate
Public Date: 2017-11-03
Bugzilla: 1510816: CVE-2017-16541 Mozilla: Proxy bypass using automount and autofs

Firefox proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a `file:` URI, bypassing configured proxy settings. This issue only affects OS X in default configuration; on Linux systems, autofs must also be installed for the vulnerability to occur.

Find out more about CVE-2017-16541 from the MITRE CVE dictionary and NIST NVD.

Statement

This flaw cannot be exploited through email in Thunderbird because scripting is disabled for email content. It may be possible to exploit it through feeds (Atom or RSS) or other browser-like contexts.

CVSS v3 metrics

CVSS3 Base Score       5.3
CVSS3 Base Metrics     CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector          Network
Attack Complexity      Low
Privileges Required    None
User Interaction       None
Scope                  Unchanged
Confidentiality        Low
Integrity Impact       None
Availability Impact    None

Red Hat Security Errata

Platform                                    Errata          Release Date
Red Hat Enterprise Linux 6 (firefox)        RHSA-2018:2693  2018-09-12
Red Hat Enterprise Linux 7 (firefox)        RHSA-2018:2692  2018-09-12
Red Hat Enterprise Linux 7 (thunderbird)    RHSA-2018:3458  2018-11-05
Red Hat Enterprise Linux 6 (thunderbird)    RHSA-2018:3403  2018-10-30
