ByteOS Network

NVD Vulnerability Details :

CVE-2017-7768

Analyzed

Source-security@mozilla.org

Published At-11 Jun, 2018 | 21:29

Updated At-13 Aug, 2018 | 13:18

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 54.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox_esr>>Versions before 52.2.0(exclusive)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/99057	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038689	security@mozilla.org	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1336979	security@mozilla.org	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-15/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-16/	security@mozilla.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History