CVE-2013-1726

CVE Database · CVE-2013-1726

CVE-2013-1726

· N/AModified

CVSS v3.1

N/A

EPSS

0.34%

Published

Sep 18, 2013

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.

Weaknesses (CWE)

CWE-264

Affected Products (137)

mozilla · thunderbird_esrvulnerable

mozilla · thunderbirdvulnerable

References (12)

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html

http://www.mozilla.org/security/announce/2013/mfsa2013-83.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=890853

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html

KEV Catalog EPSS Scores Vendors All CVEs