CVE-2017-7796
MEDIUM
Firefox < 55.0 - Arbitrary File Deletion via Windows Updater Logger Path Manipulation
Title source: llm
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-18/
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1234401
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039124
Scores
CVSS v3
4.7
EPSS
0.0006
EPSS Percentile
17.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
mozilla/firefox
< 55.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026