PT-2020-14573 · Mozilla+2 · Firefox+4

Steve Nyan Lin

·

Published

2020-07-28

·

Updated

2024-12-12

·

CVE-2020-15657

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 79 Firefox ESR versions prior to 78.1 Thunderbird versions prior to 78.1
Description The issue allows an attacker to load attacker-supplied DLL files from the installation directory, but this requires the attacker to already have the capability to place files in the installation directory. This problem is specific to Windows operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 79, update to version 79 or later. For Firefox ESR versions prior to 78.1, update to version 78.1 or later. For Thunderbird versions prior to 78.1, update to version 78.1 or later.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

ALT-PU-2020-2466
ALT-PU-2020-2598
ALT-PU-2020-2709
ALT-PU-2020-2933
ALT-PU-2020-2934
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-3368
CVE-2020-15657
OPENSUSE-SU-2020:1147-1
OPENSUSE-SU-2020:1155-1
OPENSUSE-SU-2020:1189-1
OPENSUSE-SU-2020_1147-1
OPENSUSE-SU-2020_1155-1
OPENSUSE-SU-2020_1189-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2020:14456-1
SUSE-SU-2020:2100-1
SUSE-SU-2020:2118-1
SUSE-SU-2020:2147-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird