7.8

CVE-2020-15657

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 79.0
   MicrosoftWindows Version-
MozillaFirefox ESR Version < 78.1
   MicrosoftWindows Version-
MozillaThunderbird Version < 78.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.27
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-30/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-32/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-33/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1644954
Vendor Advisory
Issue Tracking
Permissions Required