20 matches found
EUVD-2015-2810
Malware in sbrugna...
EUVD-2012-1952
Malware in sbrugna...
EUVD-2015-0846
Malware in sbrugna...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
CVE-2020-15663
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...
Remote Code Execution (RCE)
Firefox is vulnerable to remote code execution RCE. If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by...
Code injection
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service...
CVE-2015-4505
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service...
CVE-2015-4505
CVE-2015-4505 affects Mozilla Firefox on Windows (updater.exe) where local users can write to arbitrary files by abusing a junction attack during the Mozilla Maintenance Service update process. Root cause: a flaw in the updater path that permits writing arbitrary files during update. Impact in th...
Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox 'updater.exe' Process Elevation of Privilege Vulnerability
Mozilla Firefox is a popular open source WEB browser. A vulnerability in Mozilla Firefox's handling of the 'updater.exe' process allows an attacker to elevate privileges by running the process from another directory instead of the application directory...
CVE-2015-0833
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in 1 the current working...
Design/Logic Flaw
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in 1 the current working...
CVE-2015-0833
CVE-2015-0833 affects Mozilla Firefox (pre-36.0), Firefox ESR (pre-31.x up to 31.5), and Thunderbird (pre-31.5) on Windows. It is a local privilege-escalation via untrusted search paths where a Trojan horse DLL (e.g., bcrypt.dll) in the current working directory or a temporary directory is loaded...
Mozilla Firefox ESR Multiple Vulnerabilities (Aug 2013) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Mozilla Thunderbird ESR Multiple Vulnerabilities (Aug 2013) - Windows
Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2013-1712
CVE-2013-1712 affects Mozilla updater in Firefox (before 23.0) and Firefox ESR 17.x (before 17.0.8), as well as Thunderbird (before 17.0.8 and ESR 17.x before 17.0.8) on Windows 7/Server 2008 R2/8/Server 2012. The issue is a local privilege escalation via untrusted search path Trojan horse DLLs l...
Mozilla Products Updater Service Privilege Escalation Vulnerabilities - Windows
Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-1943
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory...
CVE-2012-1943
CVE-2012-1943 involves an untrusted search path vulnerability in Updater.exe of the Mozilla Updater Service on Windows, affecting Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9. The issue allows local privilege escalation through loading a Trojan horse wsock32.dll located in an application dir...