Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-17009

Опубликовано: 03 дек. 2019
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1779433Mozilla: Updater temporary files accessible to unprivileged processes

EPSS

Процентиль: 35%
0.00144
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-17009

CVSS3: 7.8
ubuntu
около 6 лет назад

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

nvd логотип

CVE-2019-17009

CVSS3: 7.8
nvd
около 6 лет назад

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

debian логотип

CVE-2019-17009

CVSS3: 7.8
debian
около 6 лет назад

When running, the updater service wrote status and log files to an unr ...

github логотип

GHSA-9wr8-jjcr-qw4x

github
больше 3 лет назад

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

fstec логотип

BDU:2022-05929

CVSS3: 7.8
fstec
около 6 лет назад

Уязвимость службы обновления браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird для Windows, позволяющая нарушителю записать файлы состояний и журнала в незащищенный каталог

EPSS

Процентиль: 35%
0.00144
Низкий

7.8 High

CVSS3