Vulnerability-Lookup

CVE-2017-7766 (GCVE-0-2017-7766)

Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 16:12

Summary

An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity ?

No CVSS data available.

CWE

File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service

Assigner

mozilla

References

URL

FKIE_CVE-2017-7766

Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	http://www.securityfocus.com/bid/99057	Third Party Advisory, VDB Entry
security@mozilla.org	http://www.securitytracker.com/id/1038689	Third Party Advisory, VDB Entry
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	Issue Tracking, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2017-15/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2017-16/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99057	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038689	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2017-15/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2017-16/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5DBE64-6529-4705-869D-4FD030CFADE0",
              "versionEndExcluding": "52.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FE3109-0EE6-49DC-974A-E522F55B17E1",
              "versionEndExcluding": "54.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54."
    },
    {
      "lang": "es",
      "value": "Un ataque que emplea la manipulaci\u00f3n del contenido de \"updater.ini\", empleado por Mozilla Windows Updater, y un escalado de privilegios mediante Mozilla Maintenance Service permite la ejecuci\u00f3n y eliminaci\u00f3n de archivos arbitrarios por parte de Maintenance Service, que tiene acceso privilegiado. Nota: Este ataque requiere acceso local al sistema y solo afecta a Windows. Otros sistemas operativos no se han visto afectados. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 52.2 y Firefox en versiones anteriores a la 54."
    }
  ],
  "id": "CVE-2017-7766",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-11T21:29:08.530",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038689"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-12556

Vulnerability from cnvd - Published: 2017-07-03

Title

Mozilla Firefox和Firefox ESR for Windows存在未明漏洞（CNVD-2017-12556）

Description

Mozilla Firefox for Windows是美国Mozilla基金会的一款基于Windows平台的开源Web浏览器。Firefox ESR for Windows是Firefox的一个基于Windows平台的延长支持版本。基于Windows平台的Mozilla Firefox 54之前的版本和Firefox ESR 52.2之前的版本中存在安全漏洞。攻击者可借助Mozilla Maintenance Service利用该漏洞执行和删除任意文件。

Severity

中

Patch Name

Mozilla Firefox和Firefox ESR for Windows存在未明漏洞（CNVD-2017-12556）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/

Reference

http://www.securityfocus.com/bid/99057

Impacted products

Name
['Mozilla Firefox <54', 'mozilla Firefox ESR <52.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99057"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7766"
    }
  },
  "description": "Mozilla Firefox for Windows\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR for Windows\u662fFirefox\u7684\u4e00\u4e2a\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9Mozilla Maintenance Service\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u548c\u5220\u9664\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Nils, Tobias Klein, Yuji Tounai of NTT Communications, Abhishek Arya, F. Alonso (revskills), Holger Fuhrmannek, Tyson Smith, Nicolas Trippar of Zimperium zLabs, Michal Bentkowski, Samuel Erb, Jonathan Birch and Microsoft Vulnerability Research, and Seb Pat",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-12556",
  "openTime": "2017-07-03",
  "patchDescription": "Mozilla Firefox for Windows\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Firefox ESR for Windows\u662fFirefox\u7684\u4e00\u4e2a\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9Mozilla Maintenance Service\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u548c\u5220\u9664\u4efb\u610f\u6587\u4ef6\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR for Windows\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2017-12556\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c54",
      "mozilla Firefox ESR \u003c52.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99057",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-23",
  "title": "Mozilla Firefox\u548cFirefox ESR for Windows\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2017-12556\uff09"
}

GSD-2017-7766

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7766

Aliases

CVE-2017-7766

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7766",
    "description": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54.",
    "id": "GSD-2017-7766",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-7766.html",
      "https://advisories.mageia.org/CVE-2017-7766.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7766"
      ],
      "details": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54.",
      "id": "GSD-2017-7766",
      "modified": "2023-12-13T01:21:07.082048Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2017-7766",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "54"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99057",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99057"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
          },
          {
            "name": "1038689",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038689"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2017-7766"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "54"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An attack using manipulation of \u003ccode\u003eupdater.ini\u003c/code\u003e contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. \u003cbr\u003e*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 54 and Firefox ESR \u003c 52.2."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "54.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "52.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-7766"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
            },
            {
              "name": "1038689",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038689"
            },
            {
              "name": "99057",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99057"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-06-11T21:29Z"
    }
  }
}

GHSA-W9C7-GP5Q-HH44

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-11-25 18:32

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7766"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR \u003c 52.2 and Firefox \u003c 54.",
  "id": "GHSA-w9c7-gp5q-hh44",
  "modified": "2025-11-25T18:32:08Z",
  "published": "2022-05-13T01:47:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7766"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1342742"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-174

Vulnerability from certfr_avis - Published: 2017-06-14 - Updated: 2017-06-14

De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 52.2
	Mozilla	Firefox	Firefox versions antérieures à 54

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7766 (GCVE-0-2017-7766)

FKIE_CVE-2017-7766

CNVD-2017-12556

GSD-2017-7766

GHSA-W9C7-GP5Q-HH44

CERTFR-2017-AVI-174

Solution

Tags

Sightings

Nomenclature