Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2023-29532

Published: 19/06/2023 Updated: 27/06/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Mozilla

Vulnerability Summary

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox_esr

mozilla thunderbird

Vendor Advisories

Red Hat:
Description<!---->The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server The update file can be replaced after the signature check, before the use, because the write-lock re ...
Mozilla: Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112
Mozilla Foundation Security Advisory 2023-13 Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 Announced April 11, 2023 Impact high Products Firefox, Firefox for Android, Focus for Android Fixed in ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 102.10
Mozilla Foundation Security Advisory 2023-15 Security Vulnerabilities fixed in Thunderbird 10210 Announced April 11, 2023 Impact high Products Thunderbird Fixed in Thunderbird 10210 ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 102.10
Mozilla Foundation Security Advisory 2023-14 Security Vulnerabilities fixed in Firefox ESR 10210 Announced April 11, 2023 Impact high Products Firefox ESR Fixed in Firefox ESR 10210 ...

References

NVD-CWE-noinfohttps://www.mozilla.org/security/advisories/mfsa2023-14/https://www.mozilla.org/security/advisories/mfsa2023-13/https://bugzilla.mozilla.org/show_bug.cgi?id=1806394https://www.mozilla.org/security/advisories/mfsa2023-15/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-29532https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook