CVE-2019-17009

CVSS v3.1 7.8 (High)
CVSS v2.0 4.6 (Medium)
EPSS 0.04 % (15th)
Affected Products 5
Advisories 11

When running, the updater service wrote status and log files to an unrestricted location, potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Weaknesses
CWE-NVD-noinfo
Related CVEs
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2020-01-08 22:15:11
(4 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 71.0 version cpe:2.3:a:mozilla:firefox < 71.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 68.3 version cpe:2.3:a:mozilla:firefox_esr < 68.3
OR  
  Running on/with
  Mozilla Thunderbird prior 68.3 version cpe:2.3:a:mozilla:thunderbird < 68.3
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-

Configuration #2

AND
    CPE23 From Up To
OR  
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1