Mozilla Thunderbird and Firefox Privilege Escalation Vulnerability via Update Mechanism

Vulnerability

A privilege escalation vulnerability has been identified in Mozilla Thunderbird and Firefox. The issue lies in the update mechanism: a medium-integrity user process can disrupt the SYSTEM-level updater by manipulating file-locking behavior. Exploiting this could allow an attacker to inject code into the user-privileged process, bypass access controls, and have SYSTEM-level file operations performed on paths controlled by a non-privileged user. As a result, the vulnerability could be used to escalate privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights on the system.

Remediation

Users should update to Thunderbird 138 or Firefox 138. Firefox ESR users should update to version 128.10.
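As an added example (not part of the advisory), the check below compares an installed Firefox or Thunderbird version against the fixed releases named above, treating a Firefox version with the "esr" suffix as the ESR channel; the product names, version strings and inventory are constructed for illustration.

```python
from itertools import takewhile
from typing import Dict, List, Tuple

# Fixed releases exactly as named in the remediation section.
FIXED_VERSIONS: Dict[str, Tuple[int, int, int]] = {
    "firefox": (138, 0, 0),
    "firefox-esr": (128, 10, 0),
    "thunderbird": (138, 0, 0),  # the advisory names only 138 for Thunderbird
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a Mozilla version string such as '128.10.0esr' or '137.0.2'
    into a (major, minor, patch) tuple; missing components become 0."""
    core = version.strip().lower().removesuffix("esr")
    numbers: List[int] = []
    for piece in core.split("."):
        digits = "".join(takewhile(str.isdigit, piece))  # leading digits only
        numbers.append(int(digits) if digits else 0)
    numbers = (numbers + [0, 0, 0])[:3]
    return (numbers[0], numbers[1], numbers[2])


def channel(product: str, version: str) -> str:
    """Map product plus version string to a key of FIXED_VERSIONS.
    A Firefox version carrying the 'esr' suffix is measured against the ESR fix."""
    product = product.strip().lower()
    if product == "firefox" and version.strip().lower().endswith("esr"):
        return "firefox-esr"
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product: {product!r}")
    return product


def needs_update(product: str, version: str) -> bool:
    """True when the installed version is older than the release carrying the fix.
    Anything below the named fix (including older ESR branches) is reported as
    needing an update, which is the conservative reading of the advisory."""
    return parse_version(version) < FIXED_VERSIONS[channel(product, version)]


def outstanding(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return host names from a constructed (host, product, version) inventory
    whose installed build still needs the fix."""
    return [host for host, product, version in inventory
            if needs_update(product, version)]
```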

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          8.4
  impact         10.0
  exploitability  3.3
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.