Back to bug 2228369
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Product Security DevOps Team | 2023-08-02 12:09:08 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-08-02 12:09:08 UTC | |||
| RaTasha Tillery-Smith | 2023-08-02 13:11:08 UTC | Doc Text | The Mozilla Foundation Security Advisory describes this flaw as: The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* | A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of the Firefox updater creating a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creating a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. |
| Dhananjay Arunesh | 2023-08-03 07:21:35 UTC | CC | nobody | |
| Dhananjay Arunesh | 2023-08-04 10:05:10 UTC | Fixed In Version | firefox 115.1 | firefox 115.1, thunderbird 115.1 |
Back to bug 2228369