[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77982

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Further Privilege escalation through Mozilla Updater - mfsa2013-71

ID: oval:org.secpod.oval:def:16334Date: (C)2013-12-30   (M)2017-09-22
Class: PATCHFamily: macos




Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla Maintenance Service"s privileges, allowing for local privilege escalation. The DLL file can also run in an unprivileged context if the Mozilla Updater is run directly by a user in the same directory as the file. Local file system access is necessary in order for this issue to be exploitable.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla Firefox
Mozilla Thunderbird ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Mozilla Firefox ESR
Reference:
MFSA 2013-71
CVE-2013-1712
CVE    1
CVE-2013-1712
CPE    36
cpe:/a:mozilla:thunderbird_esr
cpe:/a:mozilla:firefox_esr:17.0
cpe:/a:mozilla:thunderbird_esr:17.0
cpe:/a:mozilla:thunderbird:17.0.5
...

© 2013 SecPod Technologies