CVE-2017-7755
N/A
N/A
Summary
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 54 | affected |
| Mozilla | Firefox ESR | unspecified < 52.2 | affected |
| Mozilla | Thunderbird | unspecified < 52.2 | affected |
Weaknesses
- Privilege escalation through Firefox Installer with same directory DLL files
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/99057
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- http://www.securitytracker.com/id/1038689
- https://bugzilla.mozilla.org/show_bug.cgi?id=1361326
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
References
- http://www.securityfocus.com/bid/99057
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- http://www.securitytracker.com/id/1038689
- https://bugzilla.mozilla.org/show_bug.cgi?id=1361326
- https://www.mozilla.org/security/advisories/mfsa2017-17/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.