CVE-2013-1672
Mozilla Firefox < 21.0 and Firefox ESR 17.x < 17.0.6 - Local Privilege Escalation via Junction Attack
Title source: llmDescription
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2013/mfsa2013-44.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16915
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=850492
Scores
EPSS
0.0033
EPSS Percentile
25.4%
Details
CWE
CWE-264
Status
published
Products (23)
mozilla/firefox
19.0
mozilla/firefox
19.0.1
mozilla/firefox
19.0.2
mozilla/firefox
20.0
mozilla/firefox
17.0
mozilla/firefox
17.0.1
mozilla/firefox
17.0.2
mozilla/firefox
17.0.3
mozilla/firefox
17.0.4
mozilla/firefox
17.0.5
... and 13 more
Published
May 16, 2013
Tracked Since
Feb 18, 2026