Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox和Firefox ESR for Windows 安全漏洞
Vulnerability Description
Mozilla Firefox for Windows是美国Mozilla基金会的一款基于Windows平台的开源Web浏览器。Firefox ESR for Windows是Firefox的一个基于Windows平台的延长支持版本。 基于Windows平台的Mozilla Firefox 54之前的版本和Firefox ESR 52.2之前的版本中存在安全漏洞。攻击者可利用该漏洞更改原始文件的位置,操作安装路径下的文件和提升权限。
CVSS Information
N/A
Vulnerability Type
N/A