CVE-2019-11753 — Improper Validation of Integrity Check Value in Mozilla Firefox
Severity
7.8HIGHNVD
EPSS
0.1%
top 80.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 27
Latest updateMay 24
Description
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if th…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
🔴Vulnerability Details
2GHSA▶
GHSA-8h86-hhcq-m432: The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged user↗2022-05-24
OSV▶
CVE-2019-11753: The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged user↗2019-09-27