CVE-2020-15657

Summary

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 78.1affected
MozillaFirefoxunspecified < 79affected
MozillaThunderbirdunspecified < 78.1affected

Weaknesses

  • DLL hijacking due to incorrect loading path

ADP Enrichment

CVE Program Container

Additional References

References