Mozilla · Firefox · CVE-2012-4206
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 17.0
Mozilla Firefox ESR 10.x versions prior to 10.0.11
**Description**
The installer contains an untrusted search path vulnerability. It allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
**Recommendations**
For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later.
For Mozilla Firefox ESR 10.x versions prior to 10.0.11, update to version 10.0.11 or later.