CVE-2019-11753: High severity firefox esr vulnerability

Published Sep 3, 2019
·
Updated

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Other sources

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.

Affected Software

11 affected componentsFixes available
Mozilla Firefox ESR<68.1
68.1
Mozilla Firefox<69
69
Mozilla Firefox ESR<60.9
60.9
Mozilla Firefox<69.0
Mozilla Firefox ESR<60.9.0
Mozilla Firefox ESR>=68.0<68.1.0
Microsoft Windows
All of the following
Any of the following
Mozilla Firefox<60.9.0
Mozilla Firefox<69.0
Mozilla Firefox ESR>=68.0<68.1.0
Microsoft Windows

Event History

Sep 3, 2019
CVE Published
12:00 AM
Sep 27, 2019
CVE Published
via MITRE·05:13 PM
Data Sourced
via MITRE·05:13 PM
DescriptionWeakness
Data Sourced
via NVD·06:15 PM
DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID?

The vulnerability ID is CVE-2019-11753.

2

What is the severity of CVE-2019-11753?

The severity of CVE-2019-11753 is high.

3

Which software are affected by CVE-2019-11753?

CVE-2019-11753 affects Mozilla Firefox ESR versions 68.1 and 60.9, as well as Mozilla Firefox version up to 69.

4

How does CVE-2019-11753 leave Firefox vulnerable?

CVE-2019-11753 allows the Firefox installer to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware.

5

Is there a fix available for CVE-2019-11753?

Yes, Mozilla has released updates to address the vulnerability. It is recommended to update to the latest version of Mozilla Firefox or Mozilla Firefox ESR.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2019-11753 - High severity firefox esr vulnerability - SecAlerts