Privilege escalation in Firefox ESR - CVE-2017-7760
Published: June 14, 2017 / Updated: May 26, 2020
Vulnerability identifier: #VU7073
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7760
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Firefox ESR
Firefox ESR
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to uncontrolled search path element. A local attacker can pass a special path to the callback parameter through the Mozilla Maintenance Service, manipulate files in the installation directory and gain system privileges.
Successful exploitation of the vulnerability may result in privileges escalation.
The vulnerability exists due to uncontrolled search path element. A local attacker can pass a special path to the callback parameter through the Mozilla Maintenance Service, manipulate files in the installation directory and gain system privileges.
Successful exploitation of the vulnerability may result in privileges escalation.
How to mitigate CVE-2017-7760
Update to version 52.2.