CVE-2013-0797 — Mozilla Firefox vulnerability

3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 61.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedApr 3

Latest updateMay 17

Description

Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox19.0.2+7

▶NVDmozilla/thunderbird5 versions+4

▶NVDmozilla/thunderbird_esr5 versions+4

▶NVDmozilla/seamonkey2.17+48

🔴Vulnerability Details

GHSA

GHSA-g3wf-mc3p-8357: Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20↗2022-05-17

▶

CVEList

CVE-2013-0797: Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20↗2013-04-03

▶