Описание
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | macOS only |
| devel | not-affected | macOS only |
| esm-infra/focal | DNE | |
| focal | not-affected | macOS only |
| jammy | not-affected | macOS only |
| kinetic | not-affected | macOS only |
| lunar | not-affected | macOS only |
| mantic | not-affected | macOS only |
| noble | not-affected | macOS only |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | macOS only |
| devel | not-affected | macOS only |
| esm-infra/focal | DNE | |
| focal | not-affected | macOS only |
| jammy | not-affected | macOS only |
| kinetic | not-affected | macOS only |
| lunar | not-affected | macOS only |
| mantic | not-affected | macOS only |
| noble | not-affected | macOS only |
| trusty | ignored | end of standard support |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
A local attacker can trick the Mozilla Maintenance Service into applyi ...
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
Уязвимость службы Mozilla Maintenance браузеров Mozilla Firefox, Focus for Android, Mozilla Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных
EPSS
5.5 Medium
CVSS3