CVE-2013-0799

HIGH

Description

Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments.

References

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html

http://www.mozilla.org/security/announce/2013/mfsa2013-32.html

https://bugzilla.mozilla.org/show_bug.cgi?id=848417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17155

Details

Source: MITRE

Published: 2013-04-03

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
83585SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2013:0850-1)NessusSuSE Local Security Checks
critical
70183GLSA-201309-23 : Mozilla Products: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
68949SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)NessusSuSE Local Security Checks
critical
66668SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8578)NessusSuSE Local Security Checks
critical
66667SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7741)NessusSuSE Local Security Checks
critical
66666SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7741)NessusSuSE Local Security Checks
critical
65866SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8537)NessusSuSE Local Security Checks
critical
65865SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7599)NessusSuSE Local Security Checks
critical
65847FreeBSD : mozilla -- multiple vulnerabilities (94976433-9c74-11e2-a9fc-d43d7e0c7c02)NessusFreeBSD Local Security Checks
critical
801250Mozilla Thunderbird < 17.0.5 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801242Mozilla Firefox < 20.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6736Mozilla Thunderbird < 17.0.5 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
critical
6734Mozilla Firefox < 20.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
65808Mozilla Thunderbird ESR 17.x < 17.0.5 Multiple VulnerabilitiesNessusWindows
critical
65807Mozilla Thunderbird < 17.0.5 Multiple VulnerabilitiesNessusWindows
critical
65806Firefox < 20 Multiple VulnerabilitiesNessusWindows
critical
65805Firefox ESR 17.x < 17.0.5 Multiple VulnerabilitiesNessusWindows
critical