N/A

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

N/A

N/A

Mozilla Firefox 后置链接漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 116 版本存在后置链接漏洞，该漏洞源于Firefox 更新程序创建了一个非特权用户可写的目录。卸载 Firefox 时，该目录中的任何文件都会以卸载用户帐户的权限递归删除。这可以与创建连接（符号链接的一种形式）相结合，以允许非特权用户控制任意文件删除。

N/A

N/A