CVE-2017-7796

Sažetak

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Reference

http://www.securitytracker.com/id/1039124
https://bugzilla.mozilla.org/show_bug.cgi?id=1234401
https://www.mozilla.org/security/advisories/mfsa2017-18/

CVSS

Base:	3.3
Impact:	4.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

09-08-2018 - 18:11

Objavljeno

11-06-2018 - 21:29