Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:34205
HistoryFeb 14, 2022 - 9:43 a.m.

Directory Traversal

2022-02-1409:43:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22
firefox
vulnerability
time-of-check
maintenance service
updater
windows
write access
arbitrary directory
operating systems

EPSS

0.002

Percentile

58.0%

firefox is vulnerable to directory traversal. The vulnerability exists due to a Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This bug only affects Firefox on Windows. Other operating systems are unaffected.

Affected configurations

Vulners
Node
-firefox\Matchedge89.0.1-r1
OR
-firefox\Matchedge89.0.1-r0
OR
-firefox\Matchedge95.0.1-r0
OR
-firefox\Matchedge90.0.2-r0
OR
-firefox\Matchedge74.0-r1
OR
-firefox\Matchedge73.0.1-r1
OR
-firefox\Matchedge74.0.1-r0
OR
-firefox\Matchedge85.0.2-r1
OR
-firefox\Matchedge89.0-r0
OR
-firefox\Matchedge90.0-r0
OR
-firefox\Matchedge76.0.1-r0
OR
-firefox\Matchedge88.0.1-r0
OR
-firefox\Matchedge94.0.2-r0
OR
-firefox\Matchedge93.0-r1
OR
-firefox\Matchedge95.0-r0
OR
-firefox\Matchedge85.0.2-r0
OR
-firefox\Matchedge87.0-r0
OR
-firefox\Matchedge76.0-r0
OR
-firefox\Matchedge89.0.2-r0
OR
-firefox\Matchedge88.0-r0
OR
-firefox\Matchedge76.0.1-r1
OR
-firefox\Matchedge75.0-r1
OR
-firefox\Matchedge94.0-r0
OR
-firefox\Matchedge75.0-r2
OR
-thunderbirdMatch68.8.0-r0
OR
-thunderbirdMatch91.5.0-r0
OR
-thunderbirdMatch68.6.0-r2
OR
-thunderbirdMatch78.9.0-r0
OR
-thunderbirdMatch68.5.0-r1
OR
-thunderbirdMatch91.3.2-r0
OR
-thunderbirdMatch78.9.0-r2
OR
-thunderbirdMatch78.7.0-r0
OR
-thunderbirdMatch78.9.0-r1
OR
-thunderbirdMatch91.4.0-r0
OR
-thunderbirdMatch78.9.0-r3
OR
-thunderbirdMatch68.7.0-r0
OR
-thunderbirdMatch68.7.0-r1
OR
-thunderbirdMatch68.8.1-r0
OR
-thunderbirdMatch91.4.1-r0
OR
-thunderbirdMatch68.6.0-r0
OR
-firefox\Matchedge89.0.1-r1
OR
-firefox\Matchedge89.0.1-r0
OR
-firefox\Matchedge95.0.1-r0
OR
-firefox\Matchedge90.0.2-r0
OR
-firefox\Matchedge74.0-r1
OR
-firefox\Matchedge73.0.1-r1
OR
-firefox\Matchedge74.0.1-r0
OR
-firefox\Matchedge85.0.2-r1
OR
-firefox\Matchedge89.0-r0
OR
-firefox\Matchedge90.0-r0
OR
-firefox\Matchedge76.0.1-r0
OR
-firefox\Matchedge88.0.1-r0
OR
-firefox\Matchedge94.0.2-r0
OR
-firefox\Matchedge93.0-r1
OR
-firefox\Matchedge95.0-r0
OR
-firefox\Matchedge85.0.2-r0
OR
-firefox\Matchedge87.0-r0
OR
-firefox\Matchedge76.0-r0
OR
-firefox\Matchedge89.0.2-r0
OR
-firefox\Matchedge88.0-r0
OR
-firefox\Matchedge76.0.1-r1
OR
-firefox\Matchedge75.0-r1
OR
-firefox\Matchedge94.0-r0
OR
-firefox\Matchedge75.0-r2
OR
-thunderbirdMatch68.8.0-r0
OR
-thunderbirdMatch91.5.0-r0
OR
-thunderbirdMatch68.6.0-r2
OR
-thunderbirdMatch78.9.0-r0
OR
-thunderbirdMatch68.5.0-r1
OR
-thunderbirdMatch91.3.2-r0
OR
-thunderbirdMatch78.9.0-r2
OR
-thunderbirdMatch78.7.0-r0
OR
-thunderbirdMatch78.9.0-r1
OR
-thunderbirdMatch91.4.0-r0
OR
-thunderbirdMatch78.9.0-r3
OR
-thunderbirdMatch68.7.0-r0
OR
-thunderbirdMatch68.7.0-r1
OR
-thunderbirdMatch68.8.1-r0
OR
-thunderbirdMatch91.4.1-r0
OR
-thunderbirdMatch68.6.0-r0
VendorProductVersionCPE
-firefox\edgecpe:2.3:a:-:firefox\:edge:89.0.1-r1:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:89.0.1-r0:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:95.0.1-r0:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:90.0.2-r0:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:74.0-r1:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:73.0.1-r1:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:74.0.1-r0:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:85.0.2-r1:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:89.0-r0:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:90.0-r0:*:*:*:*:*:*:*
Rows per page:
1-10 of 401