PT-2014-1452 · Mozilla+1 · Firefox Esr+2

Published: 2014-04-29 · Updated: 2021-03-17 · CVE-2014-1520

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 29.0
Mozilla Firefox ESR versions prior to 24.5

Description

The issue allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. It is related to maintenservice_installer.exe in the Maintenance Service Installer.

Recommendations

For Mozilla Firefox versions prior to 29.0, update to version 29.0 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 24.5, update to version 24.5 or later to resolve the issue. As a temporary workaround, consider restricting access to maintenservice_installer.exe to minimize the risk of exploitation.

Exploit

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2015-00417
BDU:2015-00454
CVE-2014-1520

Affected Products

Firefox
Firefox ESR
SUSE