PatchSiren

Firejail Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Firejail Project CVE published 2017-02-09

CVE-2017-5940

CVE-2017-5940 was publicly disclosed on 2017-02-09 and describes a Firejail sandbox escape caused by incomplete handling of dotfile cases in Firejail's attempt to block access to user files when running with an euid of zero. The record states that local users could leverage a symlink and the --private option to bypass containment, and that the flaw existed because of an incomplete fix for CVE-2017-5180.

HIGH Firejail Project CVE published 2017-02-09

CVE-2017-5180

CVE-2017-5180 is a local Firejail sandbox-escape issue tied to how the tool handled user file access protections when running with an euid of zero. According to the record, Firejail did not consider the .Xauthority case in its attempt to block access to user files, and the issue could be reached through a symlink-based vector while using the --private option. The NVD record rates the issue HIGH with a CVS [truncated]

HIGH Firejail Project CVE published 2017-01-19

CVE-2016-9016

CVE-2016-9016 is a high-severity Firejail sandbox escape affecting version 0.9.38.4. According to NVD, a local user can abuse a crafted TIOCSTI ioctl call to execute arbitrary commands outside the sandbox boundary. The CVSS v3.0 vector reflects local attack requirements, low attack complexity, low privileges, no user interaction, and a changed scope with high impact to confidentiality, integrity, and availability.