Vulnerability identifier: #VU46015
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due Mozilla Maintenance Service does not check if the updater.exe file has a valid signature before executing it with elevated privileges. A local user with ability to replace the updater.exe file file can execute arbitrary code with SYSTEM privileges.
Install updates from vendor's website.
Vulnerable software versions
Firefox ESR: 78.0 - 78.1.0, 68.0 - 68.11.0, 60.0 - 60.9.0
Mozilla Firefox: 7.0.1 - 79.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?