#VU7073 Privilege escalation in Firefox ESR - CVE-2017-7760
Published: June 14, 2017 / Updated: May 26, 2020
Vulnerability identifier: #VU7073
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7760
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Firefox ESR
Firefox ESR
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to uncontrolled search path element. A local attacker can pass a special path to the callback parameter through the Mozilla Maintenance Service, manipulate files in the installation directory and gain system privileges.
Successful exploitation of the vulnerability may result in privileges escalation.
The vulnerability exists due to uncontrolled search path element. A local attacker can pass a special path to the callback parameter through the Mozilla Maintenance Service, manipulate files in the installation directory and gain system privileges.
Successful exploitation of the vulnerability may result in privileges escalation.
Remediation
Update to version 52.2.