 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2019-11753 |
| Description: | The Firefox installer allows Firefox to be installed to a custom user
writable location, leaving it unprotected from manipulation by
unprivileged users or malware. If the Mozilla Maintenance Service is
manipulated to update this unprotected location and the updated
maintenance service in the unprotected location has been altered, the
altered maintenance service can run with elevated privileges during
the update process due to a lack of integrity checks. This allows for
privilege escalation if the executable has been replaced locally.
*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.4.2019.14173.1 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-11753 https://bugzilla.mozilla.org/show_bug.cgi?id=1574980 SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html |