Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox和Firefox ESR 权限许可和访问控制漏洞
Vulnerability Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。 基于Windows平台的Mozilla Firefox 40.0.3及之前版本和Firefox ESR 38.3之前38.x版本的updater.exe文件中存在安全漏洞。本地攻击者可通过实施连接攻击并等待Mozilla Maintenance Service执行更新操作,利用该漏洞写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A