[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Inaccessible updater can lead to local privilege escalation - mfsa2013-62

ID: oval:org.secpod.oval:def:16325Date: (C)2013-12-30   (M)2017-09-22
Class: PATCHFamily: macos




Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. He discovered that when the Mozilla Updater executable was inaccessible, the Maintenance Service will behave incorrectly and can be made to use an updater at an arbitrary location. This updater will run with the system privileges used by the Maintenance Service, allowing for local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla Firefox
Reference:
MFSA 2013-62
CVE-2013-1700
CVE    1
CVE-2013-1700
CPE    7
cpe:/a:mozilla:firefox:21.0
cpe:/a:mozilla:firefox:20.0
cpe:/a:mozilla:firefox:19.0.1
cpe:/a:mozilla:firefox:20.0.1
...

© 2013 SecPod Technologies