Further Privilege escalation through Mozilla Updater — Mozilla

2013-08-0600:00:00

Mozilla Foundation

www.mozilla.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

16.2%

JSON

Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla Maintenance Service’s privileges, allowing for local privilege escalation. The DLL file can also run in an unprivileged context if the Mozilla Updater is run directly by a user in the same directory as the file. Local file system access is necessary in order for this issue to be exploitable.

Affected configurations

Vulners

Node

mozillafirefoxRange<23

mozillafirefox_esrRange<17.0.8

mozillaseamonkeyRange<2.20

mozillathunderbirdRange<17.0.8

mozillathunderbird_esrRange<17.0.8

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird_esr*cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird_esr	*	cpe:2.3:a:mozilla:thunderbird_esr::::::::