Mozilla fixes Firefox bug letting you get Windows admin privileges
Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service.
The Mozilla Maintenance Service is an optional Firefox and Thunderbird service that makes application updates possible in the background.
Mozilla fixed the privilege escalation security flaw tracked as CVE-2022-22753 today, with the release of Firefox 97.
"A Time-of-Check Time-of-Use bug existed in the Maintenance Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access," Mozilla explained.
Mozilla also said that Firefox 97 addresses multiple memory safety bugs found by Mozilla developers and the community in Firefox 96 and Firefox ESR 91.5.
In December, Mozilla also fixed a critical memory corruption bug affecting its cross-platform Network Security Services cryptography libraries.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-22753 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox. A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. | 7.1 |