Endpoint Vulnerability

Files extracted during updates are not always read only

Description

Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system.

Affected Products

SeaMonkey

References

CVE-2014-1496,