CVE-2013-1672

Mozilla Firefox < 21.0 and Firefox ESR 17.x < 17.0.6 - Local Privilege Escalation via Junction Attack

Title source: llm
STIX 2.1

Description

The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16915
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=850492

Scores

EPSS 0.0033
EPSS Percentile 25.4%

Details

CWE
CWE-264
Status published
Products (23)
mozilla/firefox 19.0
mozilla/firefox 19.0.1
mozilla/firefox 19.0.2
mozilla/firefox 20.0
mozilla/firefox 17.0
mozilla/firefox 17.0.1
mozilla/firefox 17.0.2
mozilla/firefox 17.0.3
mozilla/firefox 17.0.4
mozilla/firefox 17.0.5
... and 13 more
Published May 16, 2013
Tracked Since Feb 18, 2026