First published: Wed Aug 07 2013
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Any of | | |
Mozilla Firefox | <=22.0 | |
Mozilla Firefox | =17.0 | |
Mozilla Firefox | =17.0.1 | |
Mozilla Firefox | =17.0.2 | |
Mozilla Firefox | =17.0.3 | |
Mozilla Firefox | =17.0.4 | |
Mozilla Firefox | =17.0.5 | |
Mozilla Firefox | =17.0.6 | |
Mozilla Firefox | =17.0.7 | |
Mozilla Firefox | =19.0 | |
Mozilla Firefox | =19.0.1 | |
Mozilla Firefox | =19.0.2 | |
Mozilla Firefox | =20.0 | |
Mozilla Firefox | =20.0.1 | |
Mozilla Firefox | =21.0 | |
Mozilla Thunderbird | <=17.0.7 | |
Mozilla Thunderbird | =17.0 | |
Mozilla Thunderbird | =17.0.1 | |
Mozilla Thunderbird | =17.0.2 | |
Mozilla Thunderbird | =17.0.3 | |
Mozilla Thunderbird | =17.0.4 | |
Mozilla Thunderbird | =17.0.5 | |
Mozilla Thunderbird | =17.0.6 | |
Mozilla Thunderbird ESR | =17.0 | |
Mozilla Thunderbird ESR | =17.0.1 | |
Mozilla Thunderbird ESR | =17.0.2 | |
Mozilla Thunderbird ESR | =17.0.3 | |
Mozilla Thunderbird ESR | =17.0.4 | |
Mozilla Thunderbird ESR | =17.0.5 | |
Mozilla Thunderbird ESR | =17.0.6 | |
Mozilla Thunderbird ESR | =17.0.7 | |
Any of | | |
Microsoft Windows 7 | | |
Microsoft Windows 8.0 | | |
Microsoft Windows Server 2008 Itanium | =r2 | |
Microsoft Windows Server 2012 x64 | | |
Mozilla Firefox | <=22.0 | |
Mozilla Firefox | =19.0 | |
Mozilla Firefox | =19.0.1 | |
Mozilla Firefox | =19.0.2 | |
Mozilla Firefox | =20.0 | |
Mozilla Firefox | =20.0.1 | |
Mozilla Firefox | =21.0 | |
Mozilla Firefox ESR | =17.0 | |
Mozilla Firefox ESR | =17.0.1 | |
Mozilla Firefox ESR | =17.0.2 | |
Mozilla Firefox ESR | =17.0.3 | |
Mozilla Firefox ESR | =17.0.4 | |
Mozilla Firefox ESR | =17.0.5 | |
Mozilla Firefox ESR | =17.0.6 | |
Mozilla Firefox ESR | =17.0.7 | |
Mozilla Thunderbird | <=17.0.7 | |
Mozilla Thunderbird | =17.0 | |
Mozilla Thunderbird | =17.0.1 | |
Mozilla Thunderbird | =17.0.2 | |
Mozilla Thunderbird | =17.0.3 | |
Mozilla Thunderbird | =17.0.4 | |
Mozilla Thunderbird | =17.0.5 | |
Mozilla Thunderbird | =17.0.6 | |
Mozilla Thunderbird ESR | =17.0 | |
Mozilla Thunderbird ESR | =17.0.1 | |
Mozilla Thunderbird ESR | =17.0.2 | |
Mozilla Thunderbird ESR | =17.0.3 | |
Mozilla Thunderbird ESR | =17.0.4 | |
Mozilla Thunderbird ESR | =17.0.5 | |
Mozilla Thunderbird ESR | =17.0.6 | |
Mozilla Thunderbird ESR | =17.0.7 | |
Microsoft Windows 7 | | |
Microsoft Windows 8.0 | | |
Microsoft Windows Server 2008 Itanium | =r2 | |
Microsoft Windows Server 2012 x64 | | |
CVE-2013-1712 has been classified with a medium severity rating, indicating a moderate level of risk to affected systems.
To mitigate CVE-2013-1712, users should upgrade to the latest version of Mozilla Firefox or Thunderbird that is not vulnerable to this issue.
CVE-2013-1712 affects Mozilla Firefox versions up to 22.0, Firefox ESR versions before 17.0.8, and Thunderbird versions before 17.0.8.
CVE-2013-1712 is a local vulnerability, which means an attacker must have local access to exploit it.
CVE-2013-1712 primarily affects Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012.