CVE-2013-1700

HIGH

Description

The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.

References

http://www.mozilla.org/security/announce/2013/mfsa2013-62.html

https://bugzilla.mozilla.org/show_bug.cgi?id=867056

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17126

Details

Source: MITRE

Published: 2013-06-26

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH