Vulnerability Details : CVE-2013-1673
The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."
Products affected by CVE-2013-1673
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1673
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1673
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2013-1673
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1673
-
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html
Mozilla Updater fails to update some Windows Registry entries — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=854088
854088 - (CVE-2013-1673) old MozillaMaintenance Service registry entry not updated, leads to Trusted Path Privilege Escalation
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125
Repository / Oval Repository
Jump to