Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2019-11736 | First vendor Publication | 2019-09-27 |
Vendor | Cve | Last vendor Modification | 2019-10-05 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7 | ||
Base Score | 7 | Environmental Score | 7 |
impact SubScore | 5.9 | Temporal Score | 7 |
Exploitabality Sub Score | 1 | ||
Attack Vector | Local | Attack Complexity | High |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11736 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-10 01:55:33 |
|
2024-02-02 02:00:13 |
|
2024-02-01 12:16:40 |
|
2023-09-05 12:57:57 |
|
2023-09-05 01:16:21 |
|
2023-09-02 12:57:14 |
|
2023-09-02 01:16:38 |
|
2023-08-12 13:01:04 |
|
2023-08-12 01:15:56 |
|
2023-08-11 12:54:57 |
|
2023-08-11 01:16:22 |
|
2023-08-06 12:53:19 |
|
2023-08-06 01:15:52 |
|
2023-08-04 12:53:35 |
|
2023-08-04 01:16:01 |
|
2023-07-14 12:53:34 |
|
2023-07-14 01:15:58 |
|
2023-04-01 01:45:14 |
|
2023-03-29 01:54:56 |
|
2023-03-28 12:16:17 |
|
2022-10-11 12:47:52 |
|
2022-10-11 01:15:53 |
|
2022-04-26 01:41:43 |
|
2020-10-14 01:24:18 |
|
2020-10-03 01:24:39 |
|
2020-05-29 01:22:03 |
|
2020-05-23 02:21:47 |
|
2019-10-06 21:20:41 |
|
2019-10-05 12:11:01 |
|
2019-10-02 17:18:49 |
|
2019-09-28 12:10:54 |
|