CVE-2020-15663

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 80 Thunderbird versions prior to 78.2 Thunderbird versions prior to 68.12 Firefox ESR versions prior to 68.12 Firefox ESR versions prior to 78.2

Description The issue is related to the Mozilla Maintenance Service, which can execute updater.exe with system privileges if Firefox is installed in a user-writable directory. Although the service checks for a valid Mozilla signature, it does not prevent the version from being rolled back to a previous one, potentially allowing the exploitation of older bugs and arbitrary code execution with system privileges. This issue only affects Windows operating systems.

Recommendations For Firefox versions prior to 80, update to version 80 or later to resolve the issue. For Thunderbird versions prior to 78.2, update to version 78.2 or later to resolve the issue. For Thunderbird versions prior to 68.12, update to version 68.12 or later to resolve the issue. For Firefox ESR versions prior to 68.12, update to version 68.12 or later to resolve the issue. For Firefox ESR versions prior to 78.2, update to version 78.2 or later to resolve the issue.