CVE-2017-7768

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-7768

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7768.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7768

Downstream

SUSE-SU-2017:1669-1

SUSE-SU-2017:2235-1

Related

Published

2018-06-11T21:29:08.640Z

Modified

2026-03-15T22:17:58.877486Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "52.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "54.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7768.json"