CVE Vulnerabilities

CVE-2015-2720

Published: May 14, 2015 | Modified: Jan 03, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 37.0.2 (including)
Firefox Ubuntu upstream *

References