VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 7, 2013· Updated Apr 29, 2026

CVE-2013-1707

CVE-2013-1707

Description

Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

Affected products

31
  • Mozilla Corporation/Firefox15 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=22.0
    • cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*
  • Mozilla Corporation/Thunderbird8 versions
    cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=17.0.7
    • cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*
  • Mozilla Corporation/Thunderbird Esr8 versions
    cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird_esr:17.0.7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.