CVE-2014-1520

medium

Description

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html

http://seclists.org/fulldisclosure/2021/Mar/14

http://secunia.com/advisories/59866

http://www.mozilla.org/security/announce/2014/mfsa2014-35.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1030163

https://bugzilla.mozilla.org/show_bug.cgi?id=961676

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-04-30

Updated: 2021-03-17

Type: CWE-269

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 701244 | Mozilla Firefox ESR < 24.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 82632 | GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 74006 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185) | Nessus | SuSE Local Security Checks | critical |
| 8213 | Mozilla Firefox < 29.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 73848 | Fedora 19 : firefox-29.0-5.fc19 / thunderbird-24.5.0-1.fc19 / xulrunner-29.0-1.fc19 (2014-5829) | Nessus | Fedora Local Security Checks | critical |
| 73819 | Fedora 20 : firefox-29.0-5.fc20 / thunderbird-24.5.0-1.fc20 / xulrunner-29.0-1.fc20 (2014-5833) | Nessus | Fedora Local Security Checks | critical |
| 73779 | FreeBSD : mozilla -- multiple vulnerabilities (985d4d6c-cfbd-11e3-a003-b4b52fce4ce8) | Nessus | FreeBSD Local Security Checks | critical |
| 73769 | Firefox < 29.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 73768 | Firefox ESR 24.x < 24.5 Multiple Vulnerabilities | Nessus | Windows | critical |