CVE-2015-2720 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-2720 Interim 1 3 2021-06-09T09:35:22Z current 2021-05-30T13:28:47Z 2021-06-09T09:35:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-2720 The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file. CVE-2015-2720 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P