Privilege escalation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird - CVE-2018-5174ID: oval:org.secpod.oval:def:45673 | Date: (C)2018-05-25 (M)2024-05-10 |
Class: VULNERABILITY | Family: windows |
Mozilla Firefox before 60.0, Firefox ESR or Thunderbird before 52.8 : In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the SEE_MASK_FLAG_NO_UI flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows wont prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 10 |
Product: |
Mozilla Firefox |
Mozilla Thunderbird |
Mozilla Firefox ESR |