CVE-2013-1712
First published: Wed Aug 07 2013(Updated: )
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=22.0 | |
| Mozilla Firefox | =19.0 | |
| Mozilla Firefox | =19.0.1 | |
| Mozilla Firefox | =19.0.2 | |
| Mozilla Firefox | =20.0 | |
| Mozilla Firefox | =20.0.1 | |
| Mozilla Firefox | =21.0 | |
| Mozilla Firefox ESR | =17.0 | |
| Mozilla Firefox ESR | =17.0.1 | |
| Mozilla Firefox ESR | =17.0.2 | |
| Mozilla Firefox ESR | =17.0.3 | |
| Mozilla Firefox ESR | =17.0.4 | |
| Mozilla Firefox ESR | =17.0.5 | |
| Mozilla Firefox ESR | =17.0.6 | |
| Mozilla Firefox ESR | =17.0.7 | |
| Mozilla Thunderbird | <=17.0.7 | |
| Mozilla Thunderbird | =17.0 | |
| Mozilla Thunderbird | =17.0.1 | |
| Mozilla Thunderbird | =17.0.2 | |
| Mozilla Thunderbird | =17.0.3 | |
| Mozilla Thunderbird | =17.0.4 | |
| Mozilla Thunderbird | =17.0.5 | |
| Mozilla Thunderbird | =17.0.6 | |
| Mozilla Thunderbird Esr | =17.0 | |
| Mozilla Thunderbird Esr | =17.0.1 | |
| Mozilla Thunderbird Esr | =17.0.2 | |
| Mozilla Thunderbird Esr | =17.0.3 | |
| Mozilla Thunderbird Esr | =17.0.4 | |
| Mozilla Thunderbird Esr | =17.0.5 | |
| Mozilla Thunderbird Esr | =17.0.6 | |
| Mozilla Thunderbird Esr | =17.0.7 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 8 | ||
| Microsoft Windows 8 | ||
| Microsoft Windows Server 2008 | =r2 | |
| Microsoft Windows Server 2012 | ||
| All of | ||
| Any of | ||
| Mozilla Firefox | <=22.0 | |
| Mozilla Firefox | =17.0 | |
| Mozilla Firefox | =17.0.1 | |
| Mozilla Firefox | =17.0.2 | |
| Mozilla Firefox | =17.0.3 | |
| Mozilla Firefox | =17.0.4 | |
| Mozilla Firefox | =17.0.5 | |
| Mozilla Firefox | =17.0.6 | |
| Mozilla Firefox | =17.0.7 | |
| Mozilla Firefox | =19.0 | |
| Mozilla Firefox | =19.0.1 | |
| Mozilla Firefox | =19.0.2 | |
| Mozilla Firefox | =20.0 | |
| Mozilla Firefox | =20.0.1 | |
| Mozilla Firefox | =21.0 | |
| Mozilla Thunderbird | <=17.0.7 | |
| Mozilla Thunderbird | =17.0 | |
| Mozilla Thunderbird | =17.0.1 | |
| Mozilla Thunderbird | =17.0.2 | |
| Mozilla Thunderbird | =17.0.3 | |
| Mozilla Thunderbird | =17.0.4 | |
| Mozilla Thunderbird | =17.0.5 | |
| Mozilla Thunderbird | =17.0.6 | |
| Mozilla Thunderbird Esr | =17.0 | |
| Mozilla Thunderbird Esr | =17.0.1 | |
| Mozilla Thunderbird Esr | =17.0.2 | |
| Mozilla Thunderbird Esr | =17.0.3 | |
| Mozilla Thunderbird Esr | =17.0.4 | |
| Mozilla Thunderbird Esr | =17.0.5 | |
| Mozilla Thunderbird Esr | =17.0.6 | |
| Mozilla Thunderbird Esr | =17.0.7 | |
| Any of | ||
| Microsoft Windows 7 | ||
| Microsoft Windows 8 | ||
| Microsoft Windows 8 | ||
| Microsoft Windows Server 2008 | =r2 | |
| Microsoft Windows Server 2012 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/22.0
- version/mozilla firefox/19.0
- version/mozilla firefox/19.0.1
- version/mozilla firefox/19.0.2
- version/mozilla firefox/20.0
- version/mozilla firefox/20.0.1
- version/mozilla firefox/21.0
- canonical/mozilla firefox esr
- version/mozilla firefox esr/17.0
- version/mozilla firefox esr/17.0.1
- version/mozilla firefox esr/17.0.2
- version/mozilla firefox esr/17.0.3
- version/mozilla firefox esr/17.0.4
- version/mozilla firefox esr/17.0.5
- version/mozilla firefox esr/17.0.6
- version/mozilla firefox esr/17.0.7
- canonical/mozilla thunderbird
- version/mozilla thunderbird/17.0.7
- version/mozilla thunderbird/17.0
- version/mozilla thunderbird/17.0.1
- version/mozilla thunderbird/17.0.2
- version/mozilla thunderbird/17.0.3
- version/mozilla thunderbird/17.0.4
- version/mozilla thunderbird/17.0.5
- version/mozilla thunderbird/17.0.6
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/17.0
- version/mozilla thunderbird esr/17.0.1
- version/mozilla thunderbird esr/17.0.2
- version/mozilla thunderbird esr/17.0.3
- version/mozilla thunderbird esr/17.0.4
- version/mozilla thunderbird esr/17.0.5
- version/mozilla thunderbird esr/17.0.6
- version/mozilla thunderbird esr/17.0.7
- vendor/microsoft
- canonical/microsoft windows 7
- canonical/microsoft windows 8
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/r2
- canonical/microsoft windows server 2012
- version/mozilla firefox/17.0
- version/mozilla firefox/17.0.1
- version/mozilla firefox/17.0.2
- version/mozilla firefox/17.0.3
- version/mozilla firefox/17.0.4
- version/mozilla firefox/17.0.5
- version/mozilla firefox/17.0.6
- version/mozilla firefox/17.0.7