Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2014-1496

Source

Mozilla Foundation Security Advisory 2014-16

Files extracted during updates are not always read only

Announced

March 18, 2014

Reporter

Ash

Impact

Moderate

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird

Fixed in

Firefox 28
Firefox ESR 24.4
SeaMonkey 2.25
Thunderbird 24.4

Description

Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system.

References

Files extracted from Mar file are not locked during update (CVE-2014-1496)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Files extracted during updates are not always read only

Files extracted during updates are not always read only

Description

References

Vulmon Search

About

Products

Connect