VulnerableCode Package Details - pkg:mozilla/Firefox%20ESR@115.23.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:mozilla/Firefox%20ESR@115.23.0

Essentials
History (1)

purl	pkg:mozilla/Firefox%20ESR@115.23.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-754j-7erb-z7ae	Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.	CVE-2025-2817

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:16:50.624411+00:00	Mozilla Importer	Fixing	VCID-754j-7erb-z7ae	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-30.yml	38.0.0