4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
The update implementation in Mozilla Firefox before 38.0 on Windows does
not ensure that the pathname for updater.exe corresponds to the application
directory, which might allow local users to gain privileges via a Trojan
horse file.
Author | Note |
---|---|
chrisccoulson | Affects Firefox on Windows only |