← Back

CVE-2017-7761

nvd nist
Published: Jun 11, 2018Modified: Nov 25, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Affected (2)

Products: Mozilla: Firefox
Mozilla
1 product
Firefox
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 52.2.0
Firefox
Before 54.0
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (12)

Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Issue TrackingVendor Advisory
Source: security@mozilla.org
Issue TrackingThird Party Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.