 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2019-11736 |
| Description: | The Mozilla Maintenance Service does not guard against files being
hardlinked to another file in the updates directory, allowing for the
replacement of local files, including the Maintenance Service
executable, which is run with privileged access. Additionally, there
was a race condition during checks for junctions and symbolic links by
the Maintenance Service, allowing for potential local file and
directory manipulation to be undetected in some circumstances. This
allows for potential privilege escalation by a user with unprivileged
local access. *Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-11736 https://bugzilla.mozilla.org/show_bug.cgi?id=1551913 https://bugzilla.mozilla.org/show_bug.cgi?id=1552206 SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html |