Vulnerability CVE-2013-1707


Published: 2013-08-06   Modified: 2013-08-07

Description:
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
VENDOR -> PRODUCT 
Mozilla -> Thunderbird 

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=888314
http://www.mozilla.org/security/announce/2013/mfsa2013-66.html

Copyright 2024, cxsecurity.com

 

Back to Top