Количество 15
Количество 15
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process ...
SUSE-SU-2025:1414-1
Security update for MozillaFirefox
GHSA-j657-7g4v-wv6h
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.
BDU:2025-06662
Уязвимость компонента Update Handler браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, позволяющая нарушителю повысить свои привилегии
ELSA-2025-7428
ELSA-2025-7428: firefox security update (IMPORTANT)
ELSA-2025-4797
ELSA-2025-4797: thunderbird security update (IMPORTANT)
ELSA-2025-4751
ELSA-2025-4751: firefox security update (IMPORTANT)
ELSA-2025-4460
ELSA-2025-4460: thunderbird security update (IMPORTANT)
ELSA-2025-4458
ELSA-2025-4458: firefox security update (IMPORTANT)
ELSA-2025-4443
ELSA-2025-4443: firefox security update (IMPORTANT)
SUSE-SU-2025:1506-1
Security update for MozillaThunderbird
SUSE-SU-2025:1436-1
Security update for MozillaFirefox
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.8 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | CVSS3: 8.8 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process ... | CVSS3: 8.8 | 0% Низкий | около 2 месяцев назад |
 | SUSE-SU-2025:1414-1 Security update for MozillaFirefox | 0% Низкий | около 2 месяцев назад | |
| GHSA-j657-7g4v-wv6h Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. | CVSS3: 8.8 | 0% Низкий | около 2 месяцев назад |
 | BDU:2025-06662 Уязвимость компонента Update Handler браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.8 | 0% Низкий | около 2 месяцев назад |
| ELSA-2025-7428 ELSA-2025-7428: firefox security update (IMPORTANT) | 29 дней назад | ||
| ELSA-2025-4797 ELSA-2025-4797: thunderbird security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-4751 ELSA-2025-4751: firefox security update (IMPORTANT) | 20 дней назад | ||
| ELSA-2025-4460 ELSA-2025-4460: thunderbird security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-4458 ELSA-2025-4458: firefox security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-4443 ELSA-2025-4443: firefox security update (IMPORTANT) | около 2 месяцев назад | ||
| SUSE-SU-2025:1506-1 Security update for MozillaThunderbird | около 1 месяца назад | ||
| SUSE-SU-2025:1436-1 Security update for MozillaFirefox | около 2 месяцев назад |
Уязвимостей на страницу