CVE-2013-1673

medium

Published 2013-05-16 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2013/mfsa2013-45.html

Application impact

Vendor	Product	Versions
mozilla	firefox	`{"endIncluding":"20.0.1"}`
mozilla	firefox	`19.0`
mozilla	firefox	`19.0.1`
mozilla	firefox	`19.0.2`
mozilla	firefox	`20.0`

References

http://www.mozilla.org/security/announce/2013/mfsa2013-45.html
https://bugzilla.mozilla.org/show_bug.cgi?id=854088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html
https://bugzilla.mozilla.org/show_bug.cgi?id=854088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.