[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers

Posted by Stefan Kanthak on Jun 15

Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla’s executable installers for
Windows … but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner’s error!) is well-known and well-documented as
<https://cwe.mitre.org/data/definitions/379.html>.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

0. download…
