CVE-2013-0799

HIGH

Description

Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments.

References

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html

http://www.mozilla.org/security/announce/2013/mfsa2013-32.html

https://bugzilla.mozilla.org/show_bug.cgi?id=848417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17155

Details

Source: MITRE

Published: 2013-04-03

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3

AND

cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4

AND

cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

ID	Name	Product	Family	Severity
83585	SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2013:0850-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
68949	SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)	Nessus	SuSE Local Security Checks	critical
66668	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8578)	Nessus	SuSE Local Security Checks	critical
66667	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7741)	Nessus	SuSE Local Security Checks	critical
66666	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7741)	Nessus	SuSE Local Security Checks	critical
65866	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8537)	Nessus	SuSE Local Security Checks	critical
65865	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7599)	Nessus	SuSE Local Security Checks	critical
65847	FreeBSD : mozilla -- multiple vulnerabilities (94976433-9c74-11e2-a9fc-d43d7e0c7c02)	Nessus	FreeBSD Local Security Checks	critical
801250	Mozilla Thunderbird < 17.0.5 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801242	Mozilla Firefox < 20.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
65808	Mozilla Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities	Nessus	Windows	high
65807	Mozilla Thunderbird < 17.0.5 Multiple Vulnerabilities	Nessus	Windows	high
65806	Firefox < 20 Multiple Vulnerabilities	Nessus	Windows	high
65805	Firefox ESR 17.x < 17.0.5 Multiple Vulnerabilities	Nessus	Windows	high
6736	Mozilla Thunderbird < 17.0.5 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	critical
6734	Mozilla Firefox < 20.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical