A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
Un archivo chrome.manifest inexistente intentará cargarse durante el arranque desde el directorio de instalación primario. Si un usuario malicioso con acceso local coloca chrome.manifest y otros archivos referenciados en este directorio, se cargarán y activarán durante el arranque. Esto podría resultar en que se añadirá software malicioso sin consentimiento o modificación de archivos referenciados instalados. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52.
USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. Various other issues were also addressed.
