Lucene search
HistorySep 18, 2013 - 10:08 a.m.
CVE-2013-1726
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.0%
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.
Affected configurations
Node
mozillathunderbird_esrMatch17.0
ORmozillathunderbird_esrMatch17.0.1
ORmozillathunderbird_esrMatch17.0.2
ORmozillathunderbird_esrMatch17.0.3
ORmozillathunderbird_esrMatch17.0.4
ORmozillathunderbird_esrMatch17.0.5
ORmozillathunderbird_esrMatch17.0.6
ORmozillathunderbird_esrMatch17.0.7
ORmozillathunderbird_esrMatch17.0.8
Node
mozillathunderbirdRange≤17.0.9
ORmozillathunderbirdMatch17.0
ORmozillathunderbirdMatch17.0.1
ORmozillathunderbirdMatch17.0.2
ORmozillathunderbirdMatch17.0.3
ORmozillathunderbirdMatch17.0.4
ORmozillathunderbirdMatch17.0.5
ORmozillathunderbirdMatch17.0.6
ORmozillathunderbirdMatch17.0.7
ORmozillathunderbirdMatch17.0.8
Node
mozillafirefoxRange≤23.0.1
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
ORmozillafirefoxMatch22.0
ORmozillafirefoxMatch23.0
Node
mozillafirefox_esrMatch17.0
ORmozillafirefox_esrMatch17.0.1
ORmozillafirefox_esrMatch17.0.2
ORmozillafirefox_esrMatch17.0.3
ORmozillafirefox_esrMatch17.0.4
ORmozillafirefox_esrMatch17.0.5
ORmozillafirefox_esrMatch17.0.6
ORmozillafirefox_esrMatch17.0.7
ORmozillafirefox_esrMatch17.0.8
Node
mozillaseamonkeyRange≤2.20
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.10
ORmozillaseamonkeyMatch2.10beta1
ORmozillaseamonkeyMatch2.10beta2
ORmozillaseamonkeyMatch2.10beta3
ORmozillaseamonkeyMatch2.10.1
ORmozillaseamonkeyMatch2.11
ORmozillaseamonkeyMatch2.11beta1
ORmozillaseamonkeyMatch2.11beta2
ORmozillaseamonkeyMatch2.11beta3
ORmozillaseamonkeyMatch2.11beta4
ORmozillaseamonkeyMatch2.11beta5
ORmozillaseamonkeyMatch2.11beta6
ORmozillaseamonkeyMatch2.12
ORmozillaseamonkeyMatch2.12beta1
ORmozillaseamonkeyMatch2.12beta2
ORmozillaseamonkeyMatch2.12beta3
ORmozillaseamonkeyMatch2.12beta4
ORmozillaseamonkeyMatch2.12beta5
ORmozillaseamonkeyMatch2.12beta6
ORmozillaseamonkeyMatch2.12.1
ORmozillaseamonkeyMatch2.13
ORmozillaseamonkeyMatch2.13beta1
ORmozillaseamonkeyMatch2.13beta2
ORmozillaseamonkeyMatch2.13beta3
ORmozillaseamonkeyMatch2.13beta4
ORmozillaseamonkeyMatch2.13beta5
ORmozillaseamonkeyMatch2.13beta6
ORmozillaseamonkeyMatch2.13.1
ORmozillaseamonkeyMatch2.13.2
ORmozillaseamonkeyMatch2.14
ORmozillaseamonkeyMatch2.14beta1
ORmozillaseamonkeyMatch2.14beta2
ORmozillaseamonkeyMatch2.14beta3
ORmozillaseamonkeyMatch2.14beta4
ORmozillaseamonkeyMatch2.14beta5
ORmozillaseamonkeyMatch2.15
ORmozillaseamonkeyMatch2.15beta1
ORmozillaseamonkeyMatch2.15beta2
ORmozillaseamonkeyMatch2.15beta3
ORmozillaseamonkeyMatch2.15beta4
ORmozillaseamonkeyMatch2.15beta5
ORmozillaseamonkeyMatch2.15beta6
ORmozillaseamonkeyMatch2.15.1
ORmozillaseamonkeyMatch2.15.2
ORmozillaseamonkeyMatch2.16
ORmozillaseamonkeyMatch2.16beta1
ORmozillaseamonkeyMatch2.16beta2
ORmozillaseamonkeyMatch2.16beta3
ORmozillaseamonkeyMatch2.16beta4
ORmozillaseamonkeyMatch2.16beta5
ORmozillaseamonkeyMatch2.16.1
ORmozillaseamonkeyMatch2.16.2
ORmozillaseamonkeyMatch2.17
ORmozillaseamonkeyMatch2.17beta1
ORmozillaseamonkeyMatch2.17beta2
ORmozillaseamonkeyMatch2.17beta3
ORmozillaseamonkeyMatch2.17beta4
ORmozillaseamonkeyMatch2.17.1
ORmozillaseamonkeyMatch2.18beta1
ORmozillaseamonkeyMatch2.18beta2
ORmozillaseamonkeyMatch2.18beta3
ORmozillaseamonkeyMatch2.18beta4
ORmozillaseamonkeyMatch2.19
ORmozillaseamonkeyMatch2.19beta1
ORmozillaseamonkeyMatch2.19beta2
ORmozillaseamonkeyMatch2.20beta1
ORmozillaseamonkeyMatch2.20beta2
ORmozillaseamonkeyMatch2.20beta3
References
lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
www.mozilla.org/security/announce/2013/mfsa2013-83.html
bugzilla.mozilla.org/show_bug.cgi?id=890853
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821
Related
prion
prion
Code injection
2013-09-18 10:08:00
cve
cve
CVE-2013-1726
2013-09-18 10:08:24
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-83) - Linux
2021-11-11 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Sep 2013) - Mac OS X
2013-09-24 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Sep 2013) - Mac OS X
2013-09-24 00:00:00
cvelist
cvelist
CVE-2013-1726
2013-09-18 10:00:00
mozilla
mozilla
nessus
nessus
SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)
2013-09-28 00:00:00
Mozilla Thunderbird < 24.0
2013-09-18 00:00:00
Mozilla Firefox ESR < 17.0.9 Multiple Vulnerabilities
2019-11-06 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-09-27 22:04:14
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-10-01 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.0%
Related for NVD:CVE-2013-1726