SMB Relaying Attack

firefox-esr is vulnerable to SMB Relaying Attack. A local attacker can deceive the Mozilla Maintenance Service into applying an unsigned update file by directing the service to an update file hosted on a malicious SMB server. This manipulation is possible because the service's requested write-loc...

Code injection

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

CVE-2023-29532

The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before...

Mozilla Thunderbird < 102.10

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-15 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team...