CVE-2013-1707Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 84.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedAug 7
Latest updateMay 17

Description

Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox22.0+14
NVDmozilla/thunderbird17.0.7+7
NVDmozilla/thunderbird_esr8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-p236-q4xw-9cqj: Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 232022-05-17
CVEList
CVE-2013-1707: Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 232013-08-07
CVE-2013-1707 — Mozilla Firefox vulnerability | cvebase