Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2019-17009

Published: 08/01/2020 Updated: 24/08/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Firefox

Vulnerability Summary

A privilege escalation vulnerability has been found in Firefox prior to 71.0. When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox_esr

mozilla thunderbird

opensuse leap 15.1

Vendor Advisories

Arch Linux Issues:
A privilege escalation vulnerability has been found in Firefox before 710 When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service ...
Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3
Mozilla Foundation Security Advisory 2019-37 Security Vulnerabilities fixed in - Firefox ESR 683 Announced December 3, 2019 Impact high Products Firefox ESR Fixed in Firefox ESR 683 ...
Mozilla: Security Vulnerabilities fixed in - Firefox 71
Mozilla Foundation Security Advisory 2019-36 Security Vulnerabilities fixed in - Firefox 71 Announced December 3, 2019 Impact high Products Firefox Fixed in Firefox 71 ...
Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3
Mozilla Foundation Security Advisory 2019-38 Security Vulnerabilities fixed in - Thunderbird 683 Announced December 3, 2019 Impact high Products Thunderbird Fixed in Thunderbird 683 ...

References

NVD-CWE-noinfohttps://bugzilla.mozilla.org/show_bug.cgi?id=1510494https://www.mozilla.org/security/advisories/mfsa2019-38/https://www.mozilla.org/security/advisories/mfsa2019-37/https://www.mozilla.org/security/advisories/mfsa2019-36/http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.htmlhttps://nvd.nist.govhttps://security.archlinux.org/CVE-2019-17009https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook