CVE-2013-1700

2013-06-2603:19:00

CWE-264

[email protected]

web.nvd.nist.gov

mozilla

firefox

cve-2013-1700

windows

privilege escalation

vulnerability

6.3 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle21.0
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.1
mozilla:firefoxmozilla firefoxeq19.0.2
mozilla:firefoxmozilla firefoxeq20.0
mozilla:firefoxmozilla firefoxeq20.0.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	21.0
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.1
mozilla:firefox	mozilla firefox	eq	19.0.2
mozilla:firefox	mozilla firefox	eq	20.0
mozilla:firefox	mozilla firefox	eq	20.0.1