PT-2019-6230 · Mozilla+2 · Firefox Esr+3
Holger Fuhrmannek · Published 2019-09-03 · Updated 2024-12-12
CVE-2019-11753 · CVSS v3.1 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 69
Mozilla Firefox ESR versions prior to 60.9
Mozilla Firefox ESR versions prior to 68.1
Description
The Mozilla Maintenance Service for Windows, which runs with elevated privileges to apply Firefox updates, performed no integrity check on the installation it was asked to update. The Firefox installer allows the browser to be installed in a custom, user-writable location, which leaves that installation unprotected against manipulation by unprivileged users or malware. If the Maintenance Service is made to update such an unprotected installation, and the copy of the maintenance service inside that installation has been altered, the altered binary is executed with elevated privileges during the update process, yielding privilege escalation. The attack requires local system access and affects only Windows; other operating systems are not affected.
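The description above rests on three preconditions that a defender can audit on a host: a Firefox build below the fixed versions, an installation directory writable by non-administrators, and the Mozilla Maintenance Service being installed. The PowerShell below is an added example, not code from this advisory or from Mozilla. The function names are hypothetical; it assumes the installer's registry layout (`SOFTWARE\Mozilla\Mozilla Firefox\<version>\Main` with an `Install Directory` value, under HKLM, WOW6432Node and HKCU) and the service name `MozillaMaintenance`. It reports preconditions only and does not attempt the escalation.

```powershell
# Added example (not the advisory's or Mozilla's own code): audit a Windows host
# for the preconditions of CVE-2019-11753. Function names are hypothetical; the
# registry layout and service name below are assumptions.

function Test-FirefoxVersionVulnerable {
    # Fixed versions per the advisory: 69 (release), 60.9 and 68.1 (ESR branches).
    param([Parameter(Mandatory)][version]$Version)
    switch ($Version.Major) {
        60      { return $Version -lt [version]'60.9' }
        68      { return $Version -lt [version]'68.1' }
        default { return $Version -lt [version]'69.0' }
    }
}

function Get-NonAdminWriteAccess {
    # Allow ACEs on $Path that grant write, delete or permission-change rights to
    # any principal outside the trusted set. A Firefox installed under a user
    # profile (the "custom, user-writable location") shows up as the user's own
    # FullControl entry; a default Program Files install normally yields nothing.
    param([Parameter(Mandatory)][string]$Path)
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
               'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
    $fsr = [System.Security.AccessControl.FileSystemRights]
    $writeBits = [int]($fsr::Write -bor $fsr::Delete -bor $fsr::ChangePermissions -bor $fsr::TakeOwnership)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights) -band $writeBits) -ne 0
    }
}

function Get-FirefoxInstallDirs {
    # Assumption: the installer records each installation under
    # <hive>\SOFTWARE\Mozilla\Mozilla Firefox\<version>\Main ("Install Directory").
    # Per-user installs are registered in HKCU and are the user-writable case.
    $roots = 'HKLM:\SOFTWARE\Mozilla\Mozilla Firefox',
             'HKLM:\SOFTWARE\WOW6432Node\Mozilla\Mozilla Firefox',
             'HKCU:\SOFTWARE\Mozilla\Mozilla Firefox'
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $main = Join-Path -Path $_.PSPath -ChildPath 'Main'
            $dir  = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Install Directory'
            if ($dir) { $dir }
        }
    }
}

function Test-Cve201911753Exposure {
    # -InstallDir lets you audit specific directories instead of registry discovery.
    param([string[]]$InstallDir)
    $service = Get-Service -Name 'MozillaMaintenance' -ErrorAction SilentlyContinue
    $dirs = if ($InstallDir) { $InstallDir } else { Get-FirefoxInstallDirs | Sort-Object -Unique }
    foreach ($dir in $dirs) {
        $exe = Join-Path -Path $dir -ChildPath 'firefox.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        $ver = $null
        $vulnVersion = $null   # stays $null if the version string does not parse
        if ([version]::TryParse($raw, [ref]$ver)) { $vulnVersion = Test-FirefoxVersionVulnerable $ver }
        $weakAces = @(Get-NonAdminWriteAccess -Path $dir)
        [pscustomobject]@{
            InstallDir         = $dir
            Version            = $raw
            VersionVulnerable  = $vulnVersion
            UserWritable       = $weakAces.Count -gt 0
            WritableBy         = ($weakAces.IdentityReference.Value | Sort-Object -Unique) -join ', '
            MaintenanceService = [bool]$service
            # All three preconditions from the advisory must hold for the escalation path.
            Exposed            = ($vulnVersion -eq $true) -and ($weakAces.Count -gt 0) -and [bool]$service
        }
    }
}

Test-Cve201911753Exposure | Format-Table -AutoSize
```

`Exposed` is a preconditions check, not proof of exploitability: the path described above still requires the attacker to get the Maintenance Service to process that installation. A user-profile install reported as `UserWritable` with a fixed version is not exposed to this CVE, but it remains a location an unprivileged account can tamper with, so the ACL column is worth reading on its own.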
Recommendations
For Mozilla Firefox versions prior to 69, update to version 69 or later to resolve the issue.
For Mozilla Firefox ESR versions prior to 60.9, update to version 60.9 or later to resolve the issue.
For Mozilla Firefox ESR versions prior to 68.1, update to version 68.1 or later to resolve the issue.
Affected Products
Alt Linux
Firefox
Firefox Esr
Suse