Vulnerabilities > CVE-2013-1715 - Arbitrary Code Execution vulnerability in Mozilla Firefox and Seamonkey
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 Untrusted Search Path
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0998E79D005511E3905B0025905A4771.NASL description The Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system last seen 2020-06-01 modified 2020-06-02 plugin id 69278 published 2013-08-09 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69278 title FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(69278); script_version("1.10"); script_cvs_date("Date: 2018/11/21 10:46:30"); script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717"); script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-63.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-64.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-65.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-66.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-67.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-68.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-69.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-70.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-71.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/" ); # https://www.mozilla.org/security/announce/2013/mfsa2013-72.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/" ); # http://www.mozilla.org/security/known-vulnerabilities/ script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/" ); # https://vuxml.freebsd.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5ed72e18" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox>18.0,1<23.0,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"firefox<17.0.8,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox<17.0.8,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.20")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<17.0.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.20")) flag++; if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Windows NASL id MOZILLA_FIREFOX_23.NASL description The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69269 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69269 title Firefox < 23.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69269); script_version("1.16"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717" ); script_bugtraq_id( 61864, 61867, 61869, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61883, 61896, 61900 ); script_name(english:"Firefox < 23.0 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values. (CVE-2013-1706, CVE-2013-1707) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code. (CVE-2013-1712, CVE-2013-1715) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 23.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'23.0', severity:SECURITY_HOLE, xss:TRUE);
NASL family Windows NASL id MOZILLA_THUNDERBIRD_1708.NASL description The installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using last seen 2020-06-01 modified 2020-06-02 plugin id 69270 published 2013-08-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69270 title Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69270); script_version("1.16"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717" ); script_bugtraq_id( 61864, 61867, 61869, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61883, 61896, 61900 ); script_name(english:"Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705) - Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values. (CVE-2013-1706, CVE-2013-1707) - An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708) - Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714) - An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710) - DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code. (CVE-2013-1712, CVE-2013-1715) - An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 17.0.8 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
Oval
accepted | 2014-10-06T04:02:39.955-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:18210 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2013-08-30T10:26:26.748+04:00 | ||||||||||||||||||||
title | Firefox full and stub installer DLL hijacking | ||||||||||||||||||||
version | 26 |
Seebug
bulletinFamily | exploit |
description | CVE ID:CVE-2013-1715 Mozilla Firefox是Mozilla所发布的WEB浏览器 Windows平台上的Mozilla Firefox中的完全安装程序(full installer)和在线安装程序(stub installer)处理搜索路径存在安全漏洞,允许在默认下载路径中存放特殊的木马DLL,当程序执行时可加载恶意库并执行,可提升权限 0 Mozilla Firefox < 23.0 厂商解决方案 Mozilla Firefox 23.0已经修复此漏洞,建议用户下载更新: http://www.mozilla.org |
id | SSV:60942 |
last seen | 2017-11-19 |
modified | 2013-08-11 |
published | 2013-08-11 |
reporter | Root |
title | Mozilla Firefox安装程序搜索路径处理漏洞 |