PT-2017-17932 · Microsoft+3 · Windows+5

Seb Patane

Published

2017-06-13

Updated

2019-10-03

CVE-2017-7767

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 52.2 Firefox versions prior to 54

Description The issue allows an unprivileged user to invoke the Mozilla Maintenance Service and overwrite arbitrary files with junk data using the Mozilla Windows Updater, which has privileged access. This requires local system access and only affects Windows operating systems.

Recommendations For Firefox ESR versions prior to 52.2, update to version 52.2 or later. For Firefox versions prior to 54, update to version 54 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALT-PU-2017-1770

ALT-PU-2017-1886

CVE-2017-7767

MGASA-2018-0018

OPENSUSE-SU-2017_1620-1

Affected Products

Alt Linux

Firefox

Maintenance Service

Windows Update

Suse

Windows

PT-2017-17932 · Microsoft+3 · Windows+5

CVE-2017-7767

Weakness Enumeration

Related Identifiers

Affected Products

References · 17