Vulnerability Details : CVE-2013-1700
The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.
Products affected by CVE-2013-1700
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1700
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1700
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-1700
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1700
-
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
Inaccessible updater can lead to local privilege escalation — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=867056
867056 - (CVE-2013-1700) Arbitrary code execution using a temporarily inaccessible file
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17126
Repository / Oval Repository
Jump to