CVE-2014-1520

Published: Apr 30, 2014Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

Affected (4)

Products: Mozilla: Firefox · Fedoraproject: Fedora

1 product

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 29.0
Mozilla Firefox	From 24.0 to 24.5

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (20)

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

Source: security@mozilla.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

Source: security@mozilla.org

Third Party Advisory

http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Mar/14

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/59866

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-35.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securitytracker.com/id/1030163

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=961676

Source: security@mozilla.org

ExploitIssue TrackingPatchVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/161696/Mozilla-Arbitrary-Code-Execution-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Mar/14

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/59866

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-35.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securitytracker.com/id/1030163

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=961676

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.