Home

CVE-2015-2720

Description

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.

Risk Information

Base Score
7.3
MODERATE
Vector
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.077

Associated Vulnerability

VulnerabilityOS Platform
Update for SeaMonkey (2.35)Windows
Update for Mozilla Firefox ESR (38.1.0)Windows
Update for Mozilla Firefox ESR (38.1.1)Windows
Update for Mozilla Firefox ESR (38.2)Windows
Update for Mozilla Firefox ESR (38.2.1)Windows
Update for Mozilla Firefox ESR (38.3.0)Windows
Update for Mozilla Firefox ESR (38.4.0)Windows
Update for Mozilla Firefox ESR (38.5.0)Windows
Update for Mozilla Firefox ESR (38.5.1)Windows
Update for Mozilla Firefox ESR (38.5.2)Windows
Update for Mozilla Firefox ESR (38.6.0)Windows
Update for Mozilla Firefox ESR (38.6.1)Windows
Update for Mozilla Firefox ESR (38.7.0)Windows
Multiple Vulnerabilities are affected in Mozilla Firefox 37.0.2Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-301494Update for SeaMonkey (2.35)
PATCH-302079Update for Mozilla Firefox ESR (38.1.0)
PATCH-302171Update for Mozilla Firefox ESR (38.1.1)
PATCH-302283Update for Mozilla Firefox ESR (38.2)
PATCH-302284Update for Mozilla Firefox ESR (38.2.1)
PATCH-302285Update for Mozilla Firefox ESR (38.3.0)
PATCH-302286Update for Mozilla Firefox ESR (38.4.0)
PATCH-302287Update for Mozilla Firefox ESR (38.5.0)
PATCH-302288Update for Mozilla Firefox ESR (38.5.1)
PATCH-302289Update for Mozilla Firefox ESR (38.5.2)
PATCH-302290Update for Mozilla Firefox ESR (38.6.0)
PATCH-302291Update for Mozilla Firefox ESR (38.6.1)
PATCH-302292Update for Mozilla Firefox ESR (38.7.0)
PATCH-343015Mozilla Firefox (132.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234