Уязвимость выполнения произвольного кода с системными привилегиями через откат "updater.exe" в Mozilla Maintenance Service на Windows
Описание
Когда Firefox установлен в директорию, доступную для записи пользователем, Mozilla Maintenance Service запускает updater.exe из этой директории с системными привилегиями. Хотя Mozilla Maintenance Service проверяет, что updater.exe подписан Mozilla, его версия может быть откачена к более ранней, что позволяет эксплуатировать старую уязвимость и выполнять произвольный код с системными привилегиями.
Примечание: данная уязвимость затрагивает только операционные системы Windows. Другие операционные системы не подвержены воздействию.
Затронутые версии ПО
- Firefox до версии 80
- Thunderbird до версии 78.2 и до 68.12
- Firefox ESR до 68.12 и до 78.2
Тип уязвимости
Выполнение произвольного кода
Ссылки
- Issue TrackingPermissions RequiredVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Issue TrackingPermissions RequiredVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
If Firefox is installed to a user-writable directory, the Mozilla Main ...
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
Уязвимость службы Maintenance Service браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird для Windows, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями
EPSS
8.8 High
CVSS3
9.3 Critical
CVSS2