CVE-2013-1726

NameCVE-2013-1726
DescriptionMozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(not affected)
icedovesource(unstable)(not affected)
iceweaselsource(unstable)(not affected)

Notes

- iceweasel <not-affected> (Updater not used in Debian)
- icedove <not-affected> (Updater not used in Debian)
- iceape <not-affected> (Updater not used in Debian)

Search for package or bug name: Reporting problems