Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2019-11736

Published: 27/09/2019 Updated: 05/10/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Firefox

Vulnerability Summary

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox_esr

Vendor Advisories

Mozilla: Security vulnerabilities fixed in Firefox ESR 68.1
Mozilla Foundation Security Advisory 2019-26 Security vulnerabilities fixed in Firefox ESR 681 Announced September 3, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 681 ...
Mozilla: Security vulnerabilities fixed in Firefox 69
Mozilla Foundation Security Advisory 2019-25 Security vulnerabilities fixed in Firefox 69 Announced September 3, 2019 Impact critical Products Firefox Fixed in Firefox 69 ...

References

CWE-362https://bugzilla.mozilla.org/show_bug.cgi?id=1552206https://bugzilla.mozilla.org/show_bug.cgi?id=1551913https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://nvd.nist.govhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-26/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook