Main Vulnerability Database Vulnerabilities #VU20821

Windows Hard Link in Mozilla Firefox - CVE-2019-11736

Published: September 3, 2019

Vulnerability identifier: #VU20821

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-11736

CWE-ID: CWE-65

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory. A local user can create a hardlink to a privileged file and replace it with malicious one. Successful exploitation of the vulnerability may allow a local us to escalate privileges on the system.

Note, the vulnerability affects Windows installation only.

How to mitigate CVE-2019-11736

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/

Windows Hard Link in Mozilla Firefox - CVE-2019-11736

Detailed vulnerability description

How to mitigate CVE-2019-11736

Sources

Please verify you're human