Download
| Alert*
|
oval:org.secpod.oval:def:16378
Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used ... oval:org.secpod.oval:def:16396 Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR ... oval:org.secpod.oval:def:15607 The host is missing a security update according to Mozilla advisory. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR file. Successful exploitation could allow attackers to replace the installed software with th ... oval:org.secpod.oval:def:15624 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21, and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR ... |
