CVE-2013-1673Mozilla Firefox vulnerability

CWE-2642 documents2 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 85.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMay 16
Latest updateMay 17

Description

The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDmozilla/firefox20.0.1+4

🔴Vulnerability Details

1
GHSA
GHSA-85p8-hpwj-pgv8: The Mozilla Updater in Mozilla Firefox before 212022-05-17