You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-44

Mozilla Foundation Security Advisory 2013-44

Title: Local privilege escalation through Mozilla Maintenance Service
Impact: High
Announced: May 14, 2013
Reporter: Seb Patane
Products: Firefox, Thunderbird

Fixed in: Firefox 21.0
  Firefox ESR 17.0.6
  Thunderbird 17.0.6
  Thunderbird ESR 17.0.6

Description

Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content.

References