CVE-2025-2817
published 2025-04-29CVE-2025-2817: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 115.23.0 | 115.23.0 |
| mozilla | firefox | < 138.0 | 138.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 116.0 < 128.10.0 | 128.10.0 |
| mozilla | thunderbird | < 128.10.0 | 128.10.0 |
| mozilla | thunderbird | >= 129.0 < 138.0 | 138.0 |
| msrc | cbl2_vim_9.0.0325-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_vim_9.0.0360-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH