Mozilla Foundation Security Advisory 2013-34

Privilege escalation through Mozilla Updater

Announced
April 2, 2013
Reporter
Ash
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 20
  • Firefox ESR 17.0.5
  • SeaMonkey 2.17
  • Thunderbird 17.0.5
  • Thunderbird ESR 17.0.5

Description

Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable.

References