Full Disclosure

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers

June 15, 2016 007admin Leave a comment

Posted by Stefan Kanthak on Jun 15

Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla’s executable installers for
Windows … but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner’s error!) is well-known and well-documented as
<https://cwe.mitre.org/data/definitions/379.html>.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

0. download…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information