4 matches found
SUSE CVE-2015-2720
The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file...
Slackware 14.1 / current : mozilla-thunderbird (SSA:2015-192-01)
New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-192-01. The text itself is...
Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2015-2720
Mozilla Firefox before 38.0 on Windows is affected by CVE-2015-2720 due to a flaw in the updater.exe path verification, which could let local attackers plant Trojan horse files to gain privileges. The vulnerability is documented in NVD and mirrored in OpenVAS/Nessus entries referencing the same C...