Out-of-Bounds Affecting mozilla package, versions [,17.0.7][17.0.7,23.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-MOZILLA-2378652
  • published26 Jan 2022
  • disclosed7 Aug 2013
  • creditUnknown

Introduced: 7 Aug 2013

CVE-2013-1706  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade mozilla to version 23.0 or higher.

Overview

Affected versions of this package are vulnerable to Out-of-Bounds. Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.

References

CVSS Scores

version 3.1