PT-2019-6252 · Mozilla+2 · Firefox Esr+4

Robert Strong

Publicado

2019-12-03

Atualizado

2020-08-24

CVE-2019-17009

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 71 Mozilla Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3

Description The issue is related to errors in handling temporary files by the update service of Mozilla Firefox, Mozilla Firefox ESR, and the Thunderbird email client for Windows. Exploitation of this issue could allow an attacker to write status and log files to an unprotected directory. This requires local system access and only affects Windows, with other operating systems not being affected.

Recommendations For Mozilla Firefox versions prior to 71, update to version 71 or later. For Mozilla Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Thunderbird versions prior to 68.3, update to version 68.3 or later.

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-377CWE-276

Identificadores relacionados

ALT-PU-2019-3237

ALT-PU-2019-3239

ALT-PU-2019-3264

ALT-PU-2020-1166

ALT-PU-2020-1515

ALT-PU-2020-1617

BDU:2022-05929

CVE-2019-17009

MGASA-2019-0376

MGASA-2019-0377

OPENSUSE-SU-2020:0002-1

OPENSUSE-SU-2020:0003-1

OPENSUSE-SU-2020_0002-1

SUSE-SU-2019:14260-1

SUSE-SU-2019:3337-1

SUSE-SU-2019:3339-1

SUSE-SU-2019:3347-1

SUSE-SU-2019_14260-1

Produtos afetados

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

PT-2019-6252 · Mozilla+2 · Firefox Esr+4

CVE-2019-17009

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 55