How severe is CVE-2020-15663?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-15663?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2020-15663

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

9.3

Critical

Weakness Type

CWE-427

View all →

Vulnerability Description

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.

CVE-2017-7966

HIGH

CVSS:8.8(High)

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exi...

CWE-4272017

CVE-2020-10616

HIGH

CVSS:8.8(High)

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.

CWE-4272020

CVE-2021-3840

HIGH

CVSS:8.8(High)

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in ...

CWE-4272021

CVE-2022-4313

HIGH

CVSS:8.8(High)

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to...

CWE-4272022

CVE-2023-2005

HIGH

CVSS:8.8(High)

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security...

CWE-4272023

CVE-2023-23554

HIGH

CVSS:8.8(High)

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, p...

CWE-4272023

CVE-2020-15663

Vulnerability Description

Related Vulnerabilities

CVE-2017-7966

CVE-2020-10616

CVE-2021-3840

CVE-2022-4313

CVE-2023-2005

CVE-2023-23554