Description
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2015-0846 | Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. |
References
History
Mon, 21 Oct 2024 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs |
Mon, 21 Oct 2024 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2024-08-06T04:26:11.160Z
Reserved: 2015-01-07T00:00:00.000Z
Link: CVE-2015-0833
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2015-02-25T11:59:13.673
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-0833
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses