MFSA 2013-71: Further Privilege escalation through Mozilla UpdaterID: oval:org.secpod.oval:def:15020 | Date: (C)2013-09-01 (M)2024-03-27 |
Class: PATCH | Family: windows |
Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the localsystem. This DLL file can run in a privileged context through the Mozilla Maintenance Service"s privileges, allowing for local privilege escalation. The DLL file can also run in an unprivileged context if the Mozilla Updater is run directly by a user in the same directory as the file. Local file system access is necessary in order for this issue to be exploitable.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2016 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows Server 2003 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Product: |
Mozilla Thunderbird |
Mozilla Thunderbird ESR |
Mozilla SeaMonkey |
Mozilla Firefox |
Mozilla Firefox ESR |