CVE-2013-1672

MEDIUM

Description

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.

References

http://www.mozilla.org/security/announce/2013/mfsa2013-44.html

https://bugzilla.mozilla.org/show_bug.cgi?id=850492

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16915

Details

Source: MITRE

Published: 2013-05-16

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
68949SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)NessusSuSE Local Security Checks
critical
801267Mozilla Firefox 20.x <= 20 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
medium
6828Mozilla Firefox < 21.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
66482Mozilla Thunderbird ESR 17.x < 17.0.6 Multiple VulnerabilitiesNessusWindows
critical
66481Mozilla Thunderbird 17.x < 17.0.5 Multiple VulnerabilitiesNessusWindows
critical
66480Firefox < 21.0 Multiple VulnerabilitiesNessusWindows
critical
66479Firefox ESR 17.x < 17.0.6 Multiple VulnerabilitiesNessusWindows
critical
66478Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66477Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66476Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66475Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66455FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)NessusFreeBSD Local Security Checks
critical
801314Mozilla Thunderbird 17.x < 17.0.6 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
6822Mozilla Thunderbird 17.x < 17.0.6 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high