CVE-2015-0833
Description
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
Risk Information
Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.052
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for SeaMonkey (2.35) | Windows |
| Update for Mozilla Firefox ESR (38.1.0) | Windows |
| Update for Mozilla Firefox ESR (38.1.1) | Windows |
| Update for Mozilla Firefox ESR (38.2) | Windows |
| Update for Mozilla Firefox ESR (38.2.1) | Windows |
| Update for Mozilla Firefox ESR (38.3.0) | Windows |
| Update for Mozilla Firefox ESR (38.4.0) | Windows |
| Update for Mozilla Firefox ESR (38.5.0) | Windows |
| Update for Mozilla Firefox ESR (38.5.1) | Windows |
| Update for Mozilla Firefox ESR (38.5.2) | Windows |
| Update for Mozilla Firefox ESR (38.6.0) | Windows |
| Update for Mozilla Firefox ESR (38.6.1) | Windows |
| Update for Mozilla Firefox ESR (38.7.0) | Windows |
| Vulnerability CVE-2015-0833 are affected in Mozilla Firefox 35.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.10.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.6.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.7.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.8 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.9 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.9.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.9.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 0.9.3 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla Firefox (x64) 0.9.rc | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.0.8 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla Firefox (x64) 1.0.preview_release | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.10 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.11 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.12 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.8 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.9 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.5 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla Firefox (x64) 1.5.beta1 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla Firefox (x64) 1.5.beta2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.10.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.6.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.7.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.8 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.9 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.9.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.9.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 0.9.3 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla_Firefox 0.9.rc | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.0.8 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla_Firefox 1.0.preview_release | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.10 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.11 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.12 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.6 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.8 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.9 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.5 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla_Firefox 1.5.beta1 | Windows |
| Vulnerabilities CVE-2014-1484,CVE-2014-1501,CVE-2014-1527,CVE-2015-0833 are affected in Mozilla_Firefox 1.5.beta2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 31.0 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 31.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.4.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 35.0.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR (x64) 31.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR (x64) 31.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR (x64) 31.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR (x64) 31.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR (x64) 31.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR 31.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR 31.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR 31.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR 31.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox ESR 31.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 31.1.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 31.3 | Windows |
| Vulnerabilities CVE-2015-0833 are affected in Mozilla Thunderbird 31.4 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 1.4.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 35.0.1 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-301494 | Update for SeaMonkey (2.35) |
| PATCH-302079 | Update for Mozilla Firefox ESR (38.1.0) |
| PATCH-302171 | Update for Mozilla Firefox ESR (38.1.1) |
| PATCH-302283 | Update for Mozilla Firefox ESR (38.2) |
| PATCH-302284 | Update for Mozilla Firefox ESR (38.2.1) |
| PATCH-302285 | Update for Mozilla Firefox ESR (38.3.0) |
| PATCH-302286 | Update for Mozilla Firefox ESR (38.4.0) |
| PATCH-302287 | Update for Mozilla Firefox ESR (38.5.0) |
| PATCH-302288 | Update for Mozilla Firefox ESR (38.5.1) |
| PATCH-302289 | Update for Mozilla Firefox ESR (38.5.2) |
| PATCH-302290 | Update for Mozilla Firefox ESR (38.6.0) |
| PATCH-302291 | Update for Mozilla Firefox ESR (38.6.1) |
| PATCH-302292 | Update for Mozilla Firefox ESR (38.7.0) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234