Privilege Escalation Risk in Mozilla Firefox and Thunderbird on Windows
CVE-2015-0833

Currently unrated

Key Information:

Vendor

Opensuse
Status
Evergreen
Opensuse
Vendor
CVE Published:
25 February 2015

What is CVE-2015-0833?

Multiple vulnerabilities are present in the updater.exe component of Mozilla Firefox and Thunderbird for Windows, specifically when the Maintenance Service is disabled. These vulnerabilities allow local users to potentially gain elevated privileges through the exploitation of untrusted search paths. An attacker could leverage a maliciously crafted DLL file placed in either the current working directory or a temporary directory to execute arbitrary code, resulting in unauthorized access. This risk emphasizes the importance of maintaining secure file handling practices and ensuring that software updates are properly managed to mitigate such exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/72747
vdb-entryx_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=945192
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.