Количество 20
Количество 20
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process ...
SUSE-SU-2025:1414-1
Security update for MozillaFirefox
GHSA-j657-7g4v-wv6h
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.
BDU:2025-06662
Уязвимость компонента Update Handler браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, позволяющая нарушителю повысить свои привилегии
ROS-20250710-03
Уязвимость Firefox
RLSA-2025:4797
Important: thunderbird security update
RLSA-2025:4458
Important: firefox security update
ELSA-2025-7506
ELSA-2025-7506: firefox security update (IMPORTANT)
ELSA-2025-7428
ELSA-2025-7428: firefox security update (IMPORTANT)
ELSA-2025-4797
ELSA-2025-4797: thunderbird security update (IMPORTANT)
ELSA-2025-4751
ELSA-2025-4751: firefox security update (IMPORTANT)
ELSA-2025-4460
ELSA-2025-4460: thunderbird security update (IMPORTANT)
ELSA-2025-4458
ELSA-2025-4458: firefox security update (IMPORTANT)
ELSA-2025-4443
ELSA-2025-4443: firefox security update (IMPORTANT)
SUSE-SU-2025:1506-1
Security update for MozillaThunderbird
SUSE-SU-2025:1436-1
Security update for MozillaFirefox
ELSA-2025-7507
ELSA-2025-7507: thunderbird security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
| CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process ... | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:1414-1 Security update for MozillaFirefox | 0% Низкий | 6 месяцев назад | |
| GHSA-j657-7g4v-wv6h Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
 | BDU:2025-06662 Уязвимость компонента Update Handler браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.8 | 0% Низкий | 6 месяцев назад |
 | ROS-20250710-03 Уязвимость Firefox | CVSS3: 8.8 | 0% Низкий | 4 месяца назад |
 | RLSA-2025:4797 Important: thunderbird security update | 3 месяца назад | ||
| RLSA-2025:4458 Important: firefox security update | 3 месяца назад | ||
| ELSA-2025-7506 ELSA-2025-7506: firefox security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-7428 ELSA-2025-7428: firefox security update (IMPORTANT) | 6 месяцев назад | ||
| ELSA-2025-4797 ELSA-2025-4797: thunderbird security update (IMPORTANT) | 6 месяцев назад | ||
| ELSA-2025-4751 ELSA-2025-4751: firefox security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2025-4460 ELSA-2025-4460: thunderbird security update (IMPORTANT) | 6 месяцев назад | ||
| ELSA-2025-4458 ELSA-2025-4458: firefox security update (IMPORTANT) | 6 месяцев назад | ||
| ELSA-2025-4443 ELSA-2025-4443: firefox security update (IMPORTANT) | 6 месяцев назад | ||
| SUSE-SU-2025:1506-1 Security update for MozillaThunderbird | 6 месяцев назад | ||
| SUSE-SU-2025:1436-1 Security update for MozillaFirefox | 6 месяцев назад | ||
| ELSA-2025-7507 ELSA-2025-7507: thunderbird security update (IMPORTANT) | 4 месяца назад |
Уязвимостей на страницу