Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-15657

Опубликовано: 28 июл. 2020
Источник: redhat
CVSS3: 7.3

Описание

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxWill not fix
Red Hat Enterprise Linux 6thunderbirdWill not fix
Red Hat Enterprise Linux 7firefoxWill not fix
Red Hat Enterprise Linux 7thunderbirdWill not fix
Red Hat Enterprise Linux 8firefoxWill not fix
Red Hat Enterprise Linux 8thunderbirdWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-426
https://bugzilla.redhat.com/show_bug.cgi?id=1861648Mozilla: DLL hijacking due to incorrect loading path

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-15657

CVSS3: 7.8
ubuntu
больше 5 лет назад

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

nvd логотип

CVE-2020-15657

CVSS3: 7.8
nvd
больше 5 лет назад

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

debian логотип

CVE-2020-15657

CVSS3: 7.8
debian
больше 5 лет назад

Firefox could be made to load attacker-supplied DLL files from the ins ...

github логотип

GHSA-vxw8-wvxp-5f2r

github
больше 3 лет назад

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

suse-cvrf логотип

openSUSE-SU-2020:1189-1

suse-cvrf
больше 5 лет назад

Security update for MozillaFirefox

7.3 High

CVSS3