Lucene search

[email protected]CVE-2013-0798

HistoryApr 03, 2013 - 11:56 a.m.

CVE-2013-0798

2013-04-0311:56:00

CWE-264

[email protected]

web.nvd.nist.gov

mozilla

firefox

android

cve-2013-0798

security vulnerability

world-writable permissions

world-readable permissions

app_tmp directory

nvd

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.1%

JSON

Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle19.0.2
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	19.0.2
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.1

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html

www.mozilla.org/security/announce/2013/mfsa2013-33.html

bugzilla.mozilla.org/show_bug.cgi?id=844832

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.1%

JSON

Related for CVE-2013-0798

securityvulns3 ubuntucve1 mozilla1 prion1 openvas2 suse2 nessus4 freebsd1