Mozilla Foundation Security Advisory 2013-45
Title: Mozilla Updater fails to update some
Windows Registry entries
Announced: May 14, 2013
Reporter: Robert Kugler
Fixed in: Firefox 21.0
Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content.