MFSA 2013-66: Buffer overflow in Mozilla Maintenance Service and Mozilla UpdaterID: oval:org.secpod.oval:def:15015 | Date: (C)2013-09-01 (M)2024-03-27 |
Class: PATCH | Family: windows |
Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead to arbitrary code being run with the Administrator privileges used by the Maintenance Service and inherited by the Updater.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Product: |
Mozilla Thunderbird |
Mozilla Thunderbird ESR |
Mozilla SeaMonkey |
Mozilla Firefox |
Mozilla Firefox ESR |