Mozilla Foundation Security Advisory 2012-35

Privilege escalation through Mozilla Updater and Windows Updater Service

Announced

June 5, 2012

Reporter

James Forshaw

Impact

Critical

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 13
SeaMonkey 2.10
Thunderbird 13

Description

Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable.

References

Possible Arbitrary Code Execution by Update Service
CVE-2012-1942

Updater.exe loads wsock32.dll from application directory
CVE-2012-1943

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-35

Privilege escalation through Mozilla Updater and Windows Updater Service

Description

References