CVE-2013-1715

2013-08-0701:55:04

[email protected]

web.nvd.nist.gov

cve-2013-1715

mozilla firefox

untrusted search path

privilege escalation

dll

windows

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.4%

JSON

Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.

Affected configurations

NVD

Node

mozillafirefoxRange≤22.0

mozillafirefoxMatch19.0

mozillafirefoxMatch19.0.1

mozillafirefoxMatch19.0.2

mozillafirefoxMatch20.0

mozillafirefoxMatch20.0.1

mozillafirefoxMatch21.0

AND

microsoftwindows

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle22.0
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.1
mozilla:firefoxmozilla firefoxeq19.0.2
mozilla:firefoxmozilla firefoxeq20.0
mozilla:firefoxmozilla firefoxeq20.0.1
mozilla:firefoxmozilla firefoxeq21.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	22.0
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.1
mozilla:firefox	mozilla firefox	eq	19.0.2
mozilla:firefox	mozilla firefox	eq	20.0
mozilla:firefox	mozilla firefox	eq	20.0.1
mozilla:firefox	mozilla firefox	eq	21.0