CVE-2013-0798

EUVD-2013-0809
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 19.0.2
mozillafirefox
19.0
mozillafirefox
19.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
hardy
ignored
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=844832
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=844832