oss-sec mailing list archives
CVE request for Mozilla Firefox (Windows)
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Wed, 10 Jul 2013 20:56:57 +0200
The installer of Mozilla Firefox writes the following command line with unquoted spaces for uninstallation into the Windows registry: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 22.0 (x86 en-US)] "UninstallString"="C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe" See <https://bugzilla.mozilla.org/show_bug.cgi?id=871084>, <https://bugzilla.mozilla.org/show_bug.cgi?id=786407> and <https://bugzilla.mozilla.org/show_bug.cgi?id=868746> Due to a well-known and well-documented idiosyncrasy of Windows' CreateProcess() API this can result in the execution of a rogue program "C:\Program.exe" or "C:\Program Files\Mozilla.exe" with the privileges of the caller. Since the caller of this command line typically has administrative rights this vulnerability can lead to a privilege escalation. Affected versions: all current releases. Fixed version: 23.0. Stefan Kanthak
Current thread:
- CVE request for Mozilla Firefox (Windows) Stefan Kanthak (Jul 10)
- Re: CVE request for Mozilla Firefox (Windows) Kurt Seifried (Jul 10)