CVE-2019-17009
CVSS v3.1
7.8 (High)
CVSS v2.0
4.6 (Medium)
EPSS
0.04 % (15th)
Affected Products
5
Advisories
11
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-01-08 22:15:11
(4 years ago) - Updated Date
-
2020-08-24 17:37:01
(4 years ago)
Affected Products
Loading...
Loading...
Configuration #1
AND |
|
---|
Configuration #2
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...