CVE-2017-7760 (retired)

The Mozilla Windows updater modifies some files to be updated by reading
the original file and applying changes to it. The location of the original
file can be altered by a malicious user by passing a special path to the
callback parameter through the Mozilla Maintenance Service, allowing the
manipulation of files in the installation directory and privilege
escalation by manipulating the Mozilla Maintenance Service, which has
privileged access. Note: This attack requires local system access and only
affects Windows. Other operating systems are not affected. This
vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
chrisccoulsonWindows only
Upstream:released (54.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-10-09 08:01:45 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)