When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
Acknowledgments: Name: the Mozilla project Upstream: Robert Strong