CVE-2013-1672
medium
CVSS v3
—
CVSS v2
6.9
VIR risk
6.9
Description
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2013/mfsa2013-44.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | up to and including 20.0.1 | |
| mozilla | firefox | 19.0 | |
| mozilla | firefox | 19.0.1 | |
| mozilla | firefox | 19.0.2 | |
| mozilla | firefox | 20.0 | |
| mozilla | firefox | 17.0 | |
| mozilla | firefox | 17.0.1 | |
| mozilla | firefox | 17.0.2 | |
| mozilla | firefox | 17.0.3 | |
| mozilla | firefox | 17.0.4 | |
| mozilla | firefox | 17.0.5 | |
| mozilla | thunderbird | up to and including 17.0.5 | |
| mozilla | thunderbird | 17.0 | |
| mozilla | thunderbird | 17.0.1 | |
| mozilla | thunderbird | 17.0.2 | |
| mozilla | thunderbird | 17.0.3 | |
| mozilla | thunderbird | 17.0.4 | |
| mozilla | thunderbird_esr | up to and including 17.0.5 | |
| mozilla | thunderbird_esr | 17.0 | |
| mozilla | thunderbird_esr | 17.0.1 | |
| mozilla | thunderbird_esr | 17.0.2 | |
| mozilla | thunderbird_esr | 17.0.3 | |
| mozilla | thunderbird_esr | 17.0.4 | |
References
- http://www.mozilla.org/security/announce/2013/mfsa2013-44.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=850492
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16915
CWEs
CWE-264