When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox_esr |
||
mozilla firefox |
||
debian debian linux 8.0 |