CVE-2017-7766
First published: Tue Jun 13 2017(Updated: )
An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <54.0 | |
| Firefox ESR | <52.2.0 | |
| Microsoft Windows | ||
| Firefox | <54 | 54 |
| Firefox ESR | <52.2 | 52.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1342742
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
- http://www.securityfocus.com/bid/99057
- http://www.securitytracker.com/id/1038689
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-5472
- CVE-2017-7749
- CVE-2017-7750
- CVE-2017-7751
- CVE-2017-7752
- CVE-2017-7754
- CVE-2017-7755
- CVE-2017-7756
- CVE-2017-7757
- CVE-2017-7778
- CVE-2017-7758
- CVE-2017-7759
- CVE-2017-7760
- CVE-2017-7761
- CVE-2017-7762
- CVE-2017-7763
- CVE-2017-7764
- CVE-2017-7765
- CVE-2017-7766
- CVE-2017-7767
- CVE-2017-7768
- CVE-2017-7770
- CVE-2017-5471
- CVE-2017-5470
Frequently Asked Questions
What is the severity of CVE-2017-7766?
CVE-2017-7766 is classified as a privilege escalation vulnerability that can lead to arbitrary file execution and deletion.
How do I fix CVE-2017-7766?
To remediate CVE-2017-7766, update Mozilla Firefox to version 54 or later and Firefox ESR to version 52.2 or later.
Who is affected by CVE-2017-7766?
CVE-2017-7766 affects users of Mozilla Firefox versions up to 54 and Firefox ESR versions up to 52.2.
What type of attack is represented by CVE-2017-7766?
CVE-2017-7766 involves an attack leveraging manipulated updater.ini contents to escalate privileges through the Mozilla Maintenance Service.
Is CVE-2017-7766 specific to any operating system?
CVE-2017-7766 primarily affects the Windows operating system when using Mozilla's browsers.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- vendor/microsoft
- canonical/microsoft windows