6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
8.9%
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla
Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before
31.5 on Windows, when the Maintenance Service is not used, allow local
users to gain privileges via a Trojan horse DLL in (1) the current working
directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
www.mozilla.org/security/announce/2015/mfsa2015-12.html
bugzilla.mozilla.org/show_bug.cgi?id=945192
launchpad.net/bugs/cve/CVE-2015-0833
nvd.nist.gov/vuln/detail/CVE-2015-0833
security-tracker.debian.org/tracker/CVE-2015-0833
www.cve.org/CVERecord?id=CVE-2015-0833
www.mozilla.org/en-US/security/advisories/mfsa2015-12/