First published: Tue Mar 07 2017(Updated: )
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <45.8 | 45.8 |
<52 | 52 | |
<45.8 | 45.8 | |
Mozilla Firefox | <52.0 | |
Microsoft Windows | ||
Mozilla Firefox ESR | <45.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)