PT-2019-6252 · Mozilla · Firefox ESR

Robert Strong · Published 2019-12-03 · Updated 2020-08-24 · CVE-2019-17009

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 71
Mozilla Firefox ESR versions prior to 68.3
Thunderbird versions prior to 68.3

Description

The issue is related to errors in the handling of temporary files by the update service of Mozilla Firefox, Mozilla Firefox ESR, and the Thunderbird email client for Windows. Exploitation of this issue could allow an attacker to write status and log files to an unprotected directory. This requires local system access and only affects Windows; other operating systems are not affected.

Recommendations

For Mozilla Firefox versions prior to 71, update to version 71 or later.
For Mozilla Firefox ESR versions prior to 68.3, update to version 68.3 or later.
For Thunderbird versions prior to 68.3, update to version 68.3 or later.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3237
ALT-PU-2019-3239
ALT-PU-2019-3264
ALT-PU-2020-1166
ALT-PU-2020-1515
ALT-PU-2020-1617
BDU:2022-05929
CVE-2019-17009
MGASA-2019-0376
MGASA-2019-0377
OPENSUSE-SU-2020:0002-1
OPENSUSE-SU-2020:0003-1
OPENSUSE-SU-2020_0002-1
SUSE-SU-2019:14260-1
SUSE-SU-2019:3337-1
SUSE-SU-2019:3339-1
SUSE-SU-2019:3347-1
SUSE-SU-2019_14260-1

Affected Products

ALT Linux
Firefox
Firefox ESR
SUSE
Thunderbird