Lucene search

K

Ubuntu.comUB:CVE-2013-1673

HistoryMay 16, 2013 - 12:00 a.m.

CVE-2013-1673

2013-05-1600:00:00

ubuntu.com

ubuntu.com

13

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not
properly maintain Mozilla Maintenance Service registry entries in certain
situations involving upgrades from older Firefox versions, which allows
local users to gain privileges by leveraging write access to a “trusted
path.”

Notes

Author	Note
chrisccoulson	Affects the Mozilla Maintenance Service on Windows only

References

www.mozilla.org/security/announce/2013/mfsa2013-45.html

launchpad.net/bugs/cve/CVE-2013-1673

nvd.nist.gov/vuln/detail/CVE-2013-1673

security-tracker.debian.org/tracker/CVE-2013-1673

www.cve.org/CVERecord?id=CVE-2013-1673

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

Related for UB:CVE-2013-1673

prion1 cve1 mozilla1 openvas6 securityvulns1 nessus5 suse1