CVE-2013-1673
Firefox < 21.0 - Privilege Escalation via Maintenance Service Registry Mismanagement
Title source: llmDescription
The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=854088
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125
Scores
EPSS
0.0026
EPSS Percentile
17.2%
Details
CWE
CWE-264
Status
published
Products (5)
mozilla/firefox
19.0
mozilla/firefox
19.0.1
mozilla/firefox
19.0.2
mozilla/firefox
20.0
mozilla/firefox
< 20.0.1
Published
May 16, 2013
Tracked Since
Feb 18, 2026