mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-21 09:56:14 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2017-5409
Description
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321814
- https://www.mozilla.org/security/advisories/mfsa2017-05/
Github
No PoCs found on GitHub currently.