Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 后置链接漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 116 版本存在后置链接漏洞,该漏洞源于Firefox 更新程序创建了一个非特权用户可写的目录。卸载 Firefox 时,该目录中的任何文件都会以卸载用户帐户的权限递归删除。这可以与创建连接(符号链接的一种形式)相结合,以允许非特权用户控制任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A