[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Buffer overflow in Mozilla Maintenance Service and Mozilla Updater - mfsa2013-66

ID: oval:org.secpod.oval:def:16329Date: (C)2013-12-30   (M)2023-11-18
Class: PATCHFamily: macos




Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead to arbitrary code being run with the Administrator privileges used by the Maintenance Service and inherited by the Updater.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.13
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Product:
Mozilla Firefox
Mozilla Thunderbird ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Mozilla Firefox ESR
Reference:
MFSA 2013-66
CVE-2013-1707
CVE-2013-1706
CVE    2
CVE-2013-1707
CVE-2013-1706
CPE    36
cpe:/a:mozilla:firefox_esr:17.0
cpe:/a:mozilla:firefox_esr
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:firefox:20.0.1
...

© SecPod Technologies