cvelistv5 - cve-2014-1520

CVE-2014-1520 (GCVE-0-2014-1520)

Vulnerability from cvelistv5 – Published: 2014-04-30 10:00 – Updated: 2024-08-06 09:42

Summary

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=961676	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/59866	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1030163	vdb-entryx_refsource_SECTRACK
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://seclists.org/fulldisclosure/2021/Mar/14	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/161696/Mozil…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
          },
          {
            "name": "FEDORA-2014-5833",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "1030163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
          },
          {
            "name": "FEDORA-2014-5829",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
          },
          {
            "name": "20210308 Unholy CRAP: Moziila\u0027s executable installers",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-09T17:06:27",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
        },
        {
          "name": "FEDORA-2014-5833",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "59866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59866"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "1030163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
        },
        {
          "name": "FEDORA-2014-5829",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
        },
        {
          "name": "20210308 Unholy CRAP: Moziila\u0027s executable installers",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
            },
            {
              "name": "FEDORA-2014-5833",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "1030163",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030163"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
            },
            {
              "name": "FEDORA-2014-5829",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
            },
            {
              "name": "20210308 Unholy CRAP: Moziila\u0027s executable installers",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
            },
            {
              "name": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1520",
    "datePublished": "2014-04-30T10:00:00",
    "dateReserved": "2014-01-16T00:00:00",
    "dateUpdated": "2024-08-06T09:42:36.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"29.0\", \"matchCriteriaId\": \"22E1CD48-0EA1-446C-B475-40A858298C1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"24.0\", \"versionEndExcluding\": \"24.5\", \"matchCriteriaId\": \"1E98FFD9-A341-4413-8473-830A0FBC8DF5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5991814D-CA77-4C25-90D2-DB542B17E0AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.\"}, {\"lang\": \"es\", \"value\": \"maintenservice_installer.exe en Maintenance Service Installer en Mozilla Firefox anterior a 29.0 y Firefox ESR 24.x anterior a 24.5 en Windows permite a usuarios locales ganar privilegios mediante la colocaci\\u00f3n de un archivo DLL de caballo de troya dentro de un directorio temporal en un momento no especificado en el proceso de actualizaci\\u00f3n.\"}]",
      "id": "CVE-2014-1520",
      "lastModified": "2024-11-21T02:04:28.417",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-04-30T10:49:04.753",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2021/Mar/14\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/59866\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mozilla.org/security/announce/2014/mfsa2014-35.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1030163\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=961676\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201504-01\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2021/Mar/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/59866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mozilla.org/security/announce/2014/mfsa2014-35.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1030163\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=961676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201504-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1520\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2014-04-30T10:49:04.753\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.\"},{\"lang\":\"es\",\"value\":\"maintenservice_installer.exe en Maintenance Service Installer en Mozilla Firefox anterior a 29.0 y Firefox ESR 24.x anterior a 24.5 en Windows permite a usuarios locales ganar privilegios mediante la colocaci\u00f3n de un archivo DLL de caballo de troya dentro de un directorio temporal en un momento no especificado en el proceso de actualizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"29.0\",\"matchCriteriaId\":\"22E1CD48-0EA1-446C-B475-40A858298C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"24.0\",\"versionEndExcluding\":\"24.5\",\"matchCriteriaId\":\"E165A136-B39B-43FA-A5EB-34ACF718503B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5991814D-CA77-4C25-90D2-DB542B17E0AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Mar/14\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/59866\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2014/mfsa2014-35.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1030163\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=961676\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Mar/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/59866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2014/mfsa2014-35.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1030163\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=961676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GHSA-F8RP-8HGW-HRHP

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-30T10:49:00Z",
    "severity": "MODERATE"
  },
  "details": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.",
  "id": "GHSA-f8rp-8hgw-hrhp",
  "modified": "2022-05-13T01:11:23Z",
  "published": "2022-05-13T01:11:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1520"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030163"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-1520

Vulnerability from fkie_nvd - Published: 2014-04-30 10:49 - Updated: 2025-11-25 17:50

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html	Third Party Advisory
security@mozilla.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html	Third Party Advisory
security@mozilla.org	http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html	Third Party Advisory, VDB Entry
security@mozilla.org	http://seclists.org/fulldisclosure/2021/Mar/14	Mailing List, Third Party Advisory
security@mozilla.org	http://secunia.com/advisories/59866	Third Party Advisory
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2014-35.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
security@mozilla.org	http://www.securitytracker.com/id/1030163	Third Party Advisory, VDB Entry
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=961676	Exploit, Issue Tracking, Patch, Vendor Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201504-01	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Mar/14	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59866	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2014-35.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030163	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=961676	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01	Third Party Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
microsoft	windows	*
fedoraproject	fedora	19
fedoraproject	fedora	20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E1CD48-0EA1-446C-B475-40A858298C1E",
              "versionEndExcluding": "29.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E165A136-B39B-43FA-A5EB-34ACF718503B",
              "versionEndExcluding": "24.5",
              "versionStartIncluding": "24.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process."
    },
    {
      "lang": "es",
      "value": "maintenservice_installer.exe en Maintenance Service Installer en Mozilla Firefox anterior a 29.0 y Firefox ESR 24.x anterior a 24.5 en Windows permite a usuarios locales ganar privilegios mediante la colocaci\u00f3n de un archivo DLL de caballo de troya dentro de un directorio temporal en un momento no especificado en el proceso de actualizaci\u00f3n."
    }
  ],
  "id": "CVE-2014-1520",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-30T10:49:04.753",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030163"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2014-AVI-209

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	versions antérieures à Firefox ESR 24.5
Mozilla	Firefox	Versions antérieures à Firefox 29
Mozilla	Thunderbird	versions antérieures à Thunderbird 24.5
Mozilla	N/A	versions antérieures à Seamonkey 2.26

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2014-37 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-35 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-40 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-44 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-45 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-39 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-47 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-43 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-42 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-36 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-34 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-41 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-38 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-46 du 29 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 Firefox ESR 24.5",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Firefox 29",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Thunderbird 24.5",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Seamonkey 2.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1522"
    },
    {
      "name": "CVE-2014-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1526"
    },
    {
      "name": "CVE-2014-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1532"
    },
    {
      "name": "CVE-2014-1524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1524"
    },
    {
      "name": "CVE-2014-1528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1528"
    },
    {
      "name": "CVE-2014-1530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1530"
    },
    {
      "name": "CVE-2014-1529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1529"
    },
    {
      "name": "CVE-2014-1523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1523"
    },
    {
      "name": "CVE-2014-1492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1492"
    },
    {
      "name": "CVE-2014-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1525"
    },
    {
      "name": "CVE-2014-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1531"
    },
    {
      "name": "CVE-2014-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1527"
    },
    {
      "name": "CVE-2014-1520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1520"
    },
    {
      "name": "CVE-2014-1519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1519"
    },
    {
      "name": "CVE-2014-1518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1518"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-209",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-37 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-37.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-35 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-40 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-44 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-45 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-39 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-39.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-47 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-47.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-43 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-42 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-42.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-36 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-34 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-41 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-38 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-46 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html"
    }
  ]
}

CERTFR-2014-AVI-209

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	versions antérieures à Firefox ESR 24.5
Mozilla	Firefox	Versions antérieures à Firefox 29
Mozilla	Thunderbird	versions antérieures à Thunderbird 24.5
Mozilla	N/A	versions antérieures à Seamonkey 2.26

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2014-37 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-35 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-40 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-44 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-45 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-39 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-47 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-43 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-42 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-36 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-34 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-41 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-38 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-46 du 29 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 Firefox ESR 24.5",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Firefox 29",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Thunderbird 24.5",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Seamonkey 2.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1522"
    },
    {
      "name": "CVE-2014-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1526"
    },
    {
      "name": "CVE-2014-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1532"
    },
    {
      "name": "CVE-2014-1524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1524"
    },
    {
      "name": "CVE-2014-1528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1528"
    },
    {
      "name": "CVE-2014-1530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1530"
    },
    {
      "name": "CVE-2014-1529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1529"
    },
    {
      "name": "CVE-2014-1523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1523"
    },
    {
      "name": "CVE-2014-1492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1492"
    },
    {
      "name": "CVE-2014-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1525"
    },
    {
      "name": "CVE-2014-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1531"
    },
    {
      "name": "CVE-2014-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1527"
    },
    {
      "name": "CVE-2014-1520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1520"
    },
    {
      "name": "CVE-2014-1519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1519"
    },
    {
      "name": "CVE-2014-1518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1518"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-209",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-37 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-37.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-35 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-40 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-44 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-45 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-39 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-39.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-47 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-47.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-43 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-42 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-42.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-36 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-34 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-41 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-38 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-46 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html"
    }
  ]
}

GSD-2014-1520

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1520

Aliases

CVE-2014-1520

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1520",
    "description": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.",
    "id": "GSD-2014-1520",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-1520.html",
      "https://packetstormsecurity.com/files/cve/CVE-2014-1520"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1520"
      ],
      "details": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.",
      "id": "GSD-2014-1520",
      "modified": "2023-12-13T01:22:51.255035Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2014-1520",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
          },
          {
            "name": "FEDORA-2014-5833",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
          },
          {
            "name": "GLSA-201504-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "1030163",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030163"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
          },
          {
            "name": "FEDORA-2014-5829",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
          },
          {
            "name": "20210308 Unholy CRAP: Moziila\u0027s executable installers",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
          },
          {
            "name": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "29.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "24.5",
                    "versionStartIncluding": "24.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1520"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=961676"
            },
            {
              "name": "FEDORA-2014-5833",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
            },
            {
              "name": "FEDORA-2014-5829",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "1030163",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1030163"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "20210308 Unholy CRAP: Moziila\u0027s executable installers",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Mar/14"
            },
            {
              "name": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-03-17T17:35Z",
      "publishedDate": "2014-04-30T10:49Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1520 (GCVE-0-2014-1520)

GHSA-F8RP-8HGW-HRHP

FKIE_CVE-2014-1520

CERTFR-2014-AVI-209

Solution

CERTFR-2014-AVI-209

Solution

GSD-2014-1520

Tags

Sightings

Nomenclature