PT-2017-17932 · Microsoft+3 · Windows+5

Seb Patane

·

Publicado

2017-06-13

·

Atualizado

2019-10-03

·

CVE-2017-7767

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 52.2 Firefox versions prior to 54
Description The issue allows an unprivileged user to invoke the Mozilla Maintenance Service and overwrite arbitrary files with junk data using the Mozilla Windows Updater, which has privileged access. This requires local system access and only affects Windows operating systems.
Recommendations For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Firefox versions prior to 54, update to version 54 or later.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2017-1770
ALT-PU-2017-1886
CVE-2017-7767
MGASA-2018-0018
OPENSUSE-SU-2017_1620-1

Produtos afetados

Alt Linux
Firefox
Maintenance Service
Windows Update
Suse
Windows