Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file is simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-17.html Acknowledgements: Name: the Mozilla project Upstream: Nicolas Golubovic
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 Via RHSA-2016:0373 https://rhn.redhat.com/errata/RHSA-2016-0373.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7 Via RHSA-2016:0460 https://rhn.redhat.com/errata/RHSA-2016-0460.html