Candidate: CVE-2017-7760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7760
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
The Mozilla Windows updater modifies some files to be updated by reading
the original file and applying changes to it. The location of the original
file can be altered by a malicious user by passing a special path to the
callback parameter through the Mozilla Maintenance Service, allowing the
manipulation of files in the installation directory and privilege
escalation by manipulating the Mozilla Maintenance Service, which has
privileged access. Note: This attack requires local system access and only
affects Windows. Other operating systems are not affected. This
vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
chrisccoulson> Windows only
Assigned-to: chrisccoulson
upstream_firefox: released (54.0)
precise/esm_firefox: DNE
trusty_firefox: not-affected
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
xenial_firefox: not-affected
yakkety_firefox: not-affected
zesty_firefox: not-affected
devel_firefox: not-affected