Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Privilege escalation through Mozilla Maintenance Service

Related Vulnerabilities: CVE-2013-0799  

Source

Mozilla Foundation Security Advisory 2013-32

Privilege escalation through Mozilla Maintenance Service

Announced
April 2, 2013
Reporter
Frédéric Hoguin
Impact
High
Products
Firefox, Firefox ESR, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 20
  • Firefox ESR 17.0.5
  • Thunderbird 17.0.5
  • Thunderbird ESR 17.0.5

Description

Security researcher Frédéric Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started