Published: 16/05/2013 Updated: 19/09/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The Mozilla Updater in Mozilla Firefox prior to 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 19.0.1
mozilla firefox 19.0.2
mozilla firefox 20.0
mozilla firefox
mozilla firefox 19.0

Mozilla Foundation Security Advisory 2013-45 Mozilla Updater fails to update some Windows Registry entries Announced May 14, 2013 Reporter Robert Kugler Impact High Products Firefox Fixed in ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=854088 http://www.mozilla.org/security/announce/2013/mfsa2013-45.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2013-45/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1673

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect