You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-45

Mozilla Foundation Security Advisory 2013-45

Title: Mozilla Updater fails to update some Windows Registry entries
Impact: High
Announced: May 14, 2013
Reporter: Robert Kugler
Products: Firefox

Fixed in: Firefox 21.0

Description

Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content.

References