CVE-2015-2720: Mozilla Firefox vulnerability

CWE-17 | 2 documents | 2 sources
Severity
4.4 MEDIUM (NVD)
EPSS
0.1%
top 77.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 14
Latest update: May 17

Description

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (1 package)

NVD: mozilla/firefox 37.0.2

🔴 Vulnerability Details (1)
GHSA
GHSA-mmqm-9qw8-9hc9: The update implementation in Mozilla Firefox before 38 (2022-05-17)