CVE-2013-1673

2013-05-1611:45:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1673

mozilla

firefox

updater

windows

privilege escalation

registry

nvd

6.2 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a “trusted path.”

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle20.0.1
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.1
mozilla:firefoxmozilla firefoxeq19.0.2
mozilla:firefoxmozilla firefoxeq20.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	20.0.1
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.1
mozilla:firefox	mozilla firefox	eq	19.0.2
mozilla:firefox	mozilla firefox	eq	20.0