Mozilla fixes Firefox bug letting you get Windows admin privileges
2022-02-08 16:56

Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service.

The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.

Mozilla fixed the privilege escalation security flaw tracked as CVE-2022-22753 today, with the release of Firefox 97.

"A Time-of-Check Time-of-Use bug existed in the Maintenance Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access," Mozilla explained.

Mozilla also said that Firefox 97 addresses multiple memory safety bugs found by Mozilla developers and the community in Firefox 96 and Firefox ESR 91.5.

In December, Mozilla also fixed a critical memory corruption bug affecting its cross-platform Network Security Services cryptography libraries.


News URL

https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-bug-letting-you-get-windows-admin-privileges/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-12-22 | CVE-2022-22753 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox | 7.1

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory.
network, high complexity, mozilla, CWE-367

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mozilla 29 13 629 582 266 1490