CVE-2014-1520Improper Privilege Management in Mozilla Firefox

CWE-269Improper Privilege Management6 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 88.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxFedoraproject Fedora
Timeline
PublishedApr 30
Latest updateMay 13

Description

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDmozilla/firefox24.024.5+1

Also affects: Fedora 19, 20

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

1
GHSA
GHSA-f8rp-8hgw-hrhp: maintenservice_installer2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Procentia IntelliPen 1.1.12.1520 - 'data.aspx' Blind SQL Injection2014-03-12

💬Community

3
Bugzilla
Privilege escalation via shfolder.dll due to unsafe temp directory created by 7-zip extractors2016-04-30
Bugzilla
Privilege escalation via maintenanceservice_installer.exe due to unsafe temp directory created by 7-zip extractors2016-04-30
Bugzilla
Privilege escalation via maintenanceservice.exe due to unsafe temp directory created by 7-zip extractors2016-04-30