CVE-2015-0833

2015-02-2511:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-0833

mozilla firefox

firefox esr

thunderbird

updater.exe

untrusted search path vulnerabilities

windows

privilege escalation

nvd

8.9 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.0%

JSON

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.

CPENameOperatorVersion
opensuse:evergreenopensuse evergreeneq11.4
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
mozilla:firefoxmozilla firefoxle35.0.1
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.2
mozilla:firefoxmozilla firefoxeq0.3
mozilla:firefoxmozilla firefoxeq0.4
mozilla:firefoxmozilla firefoxeq0.5
mozilla:firefoxmozilla firefoxeq0.6

CPE	Name	Operator	Version
opensuse:evergreen	opensuse evergreen	eq	11.4
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
mozilla:firefox	mozilla firefox	le	35.0.1
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.2
mozilla:firefox	mozilla firefox	eq	0.3
mozilla:firefox	mozilla firefox	eq	0.4
mozilla:firefox	mozilla firefox	eq	0.5
mozilla:firefox	mozilla firefox	eq	0.6