CVE-2017-7755
HIGHFirefox < 54 and Firefox ESR < 52.2 - Untrusted Search Path DLL Loading
Title source: llmDescription
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99057
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-15/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038689
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1361326
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-17/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-16/
Scores
CVSS v3
7.8
EPSS
0.0076
EPSS Percentile
73.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (2)
mozilla/firefox
< 52.2.0
mozilla/thunderbird
< 52.2.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026