Description
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
Published: 2015-02-25
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2015-0846 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
History

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*

Mon, 21 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*

Subscriptions

Microsoft Windows
Mozilla Firefox Firefox Esr Thunderbird
Opensuse Evergreen Opensuse
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2024-08-06T04:26:11.160Z

Reserved: 2015-01-07T00:00:00.000Z

Link: CVE-2015-0833

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-02-25T11:59:13.673

Modified: 2026-05-06T22:30:45.220

Link: CVE-2015-0833

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses