Vulnerabilities > CVE-2013-1715 - Arbitrary Code Execution vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
mozilla
microsoft
nessus

Summary

Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 Untrusted Search Path

Vulnerable Configurations

Part Description Count
Application
Mozilla
215
OS
Microsoft
1

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0998E79D005511E3905B0025905A4771.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system
    last seen2020-06-01
    modified2020-06-02
    plugin id69278
    published2013-08-09
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69278
    titleFreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69278);
      script_version("1.10");
      script_cvs_date("Date: 2018/11/21 10:46:30");
    
      script_cve_id("CVE-2013-1701", "CVE-2013-1702", "CVE-2013-1704", "CVE-2013-1705", "CVE-2013-1706", "CVE-2013-1707", "CVE-2013-1708", "CVE-2013-1709", "CVE-2013-1710", "CVE-2013-1711", "CVE-2013-1712", "CVE-2013-1713", "CVE-2013-1714", "CVE-2013-1715", "CVE-2013-1717");
    
      script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla Project reports :
    
    MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
    
    MFSA 2013-64 Use after free mutating DOM during SetBody
    
    MFSA 2013-65 Buffer underflow when generating CRMF requests
    
    MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and
    Mozilla Updater
    
    MFSA 2013-67 Crash during WAV audio file decoding
    
    MFSA 2013-68 Document URI misrepresentation and masquerading
    
    MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
    
    MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
    
    MFSA 2013-71 Further Privilege escalation through Mozilla Updater
    
    MFSA 2013-72 Wrong principal used for validating URI for some
    JavaScript components
    
    MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
    
    MFSA 2013-74 Firefox full and stub installer DLL hijacking
    
    MFSA 2013-75 Local Java applets may read contents of local file system"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-63.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-64.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-65.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-66.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-67.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-68.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-69.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-70.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-71.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/"
      );
      # https://www.mozilla.org/security/announce/2013/mfsa2013-72.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/"
      );
      # http://www.mozilla.org/security/known-vulnerabilities/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      # https://vuxml.freebsd.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5ed72e18"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox toString console.time Privileged Javascript Injection');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox>18.0,1<23.0,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"firefox<17.0.8,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<17.0.8,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.20")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<17.0.8")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.20")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"thunderbird>11.0<17.0.8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_23.NASL
    descriptionThe installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69269
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69269
    titleFirefox < 23.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69269);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1706",
        "CVE-2013-1707",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1712",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1715",
        "CVE-2013-1717"
      );
      script_bugtraq_id(
        61864,
        61867,
        61869,
        61871,
        61872,
        61873,
        61874,
        61875,
        61876,
        61877,
        61878,
        61882,
        61883,
        61896,
        61900
      );
    
      script_name(english:"Firefox < 23.0 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is earlier than 23.0 and is,
    therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - Errors exist related to the update service and
        'maintenanceservice.exe' that could allow buffer
        overflows when handling unexpectedly long path values.
        (CVE-2013-1706, CVE-2013-1707)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - DLL path loading errors exist related to the update
        service, full installer and the stub installer that
        could allow execution of arbitrary code.
        (CVE-2013-1712, CVE-2013-1715)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 23.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'23.0', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1708.NASL
    descriptionThe installed version of Thunderbird is a version prior to 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification when using
    last seen2020-06-01
    modified2020-06-02
    plugin id69270
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69270
    titleMozilla Thunderbird < 17.0.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69270);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-1701",
        "CVE-2013-1702",
        "CVE-2013-1704",
        "CVE-2013-1705",
        "CVE-2013-1706",
        "CVE-2013-1707",
        "CVE-2013-1708",
        "CVE-2013-1709",
        "CVE-2013-1710",
        "CVE-2013-1711",
        "CVE-2013-1712",
        "CVE-2013-1713",
        "CVE-2013-1714",
        "CVE-2013-1715",
        "CVE-2013-1717"
      );
      script_bugtraq_id(
        61864,
        61867,
        61869,
        61871,
        61872,
        61873,
        61874,
        61875,
        61876,
        61877,
        61878,
        61882,
        61883,
        61896,
        61900
      );
    
      script_name(english:"Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a mail client that is potentially
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The installed version of Thunderbird is a version prior to 17.0.8 and
    is, therefore, potentially affected by the following vulnerabilities :
    
      - Various errors exist that could allow memory corruption
        conditions. (CVE-2013-1701, CVE-2013-1702)
    
      - Use-after-free errors exist related to DOM modification
        when using 'SetBody' and generating a 'Certificate
        Request Message'. (CVE-2013-1704, CVE-2013-1705)
    
      - Errors exist related to the update service and
        'maintenanceservice.exe' that could allow buffer
        overflows when handling unexpectedly long path values.
        (CVE-2013-1706, CVE-2013-1707)
    
      - An error exists in the function 'nsCString::CharAt'
        that could allow application crashes when decoding
        specially crafted WAV audio files. (CVE-2013-1708)
    
      - Unspecified errors exist related to HTML frames and
        history handling, 'XrayWrappers', JavaScript URI
        handling and web workers using 'XMLHttpRequest' that
        could allow cross-site scripting attacks.
        (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713,
        CVE-2013-1714)
    
      - An unspecified error exists related to generating
        'Certificate Request Message Format' (CRMF) requests
        that could allow cross-site scripting attacks.
        (CVE-2013-1710)
    
      - DLL path loading errors exist related to the update
        service, full installer and the stub installer that
        could allow execution of arbitrary code.
        (CVE-2013-1712, CVE-2013-1715)
    
      - An error exists related to Java applets and 'file:///'
        URIs that could allow read-only access to arbitrary
        files. (CVE-2013-1717)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-73/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-74/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-75/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Thunderbird 17.0.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1710");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.8', severity:SECURITY_HOLE, xss:TRUE);
    

Oval

accepted2014-10-06T04:02:39.955-04:00
classvulnerability
contributors
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
commentMozilla Firefox Mainline release is installed
ovaloval:org.mitre.oval:def:22259
descriptionMultiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.
familywindows
idoval:org.mitre.oval:def:18210
statusaccepted
submitted2013-08-30T10:26:26.748+04:00
titleFirefox full and stub installer DLL hijacking
version26

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2013-1715 Mozilla Firefox是Mozilla所发布的WEB浏览器 Windows平台上的Mozilla Firefox中的完全安装程序(full installer)和在线安装程序(stub installer)处理搜索路径存在安全漏洞,允许在默认下载路径中存放特殊的木马DLL,当程序执行时可加载恶意库并执行,可提升权限 0 Mozilla Firefox &lt; 23.0 厂商解决方案 Mozilla Firefox 23.0已经修复此漏洞,建议用户下载更新: http://www.mozilla.org
idSSV:60942
last seen2017-11-19
modified2013-08-11
published2013-08-11
reporterRoot
titleMozilla Firefox安装程序搜索路径处理漏洞