PT-2012-5102 · Mozilla+2 · Firefox+5

Masato Kinugawa

Published

2012-08-28

Updated

2024-10-21

CVE-2012-3974

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 15.0 Firefox ESR versions prior to 10.0.7 Thunderbird versions prior to 15.0 Thunderbird ESR versions prior to 10.0.7

Description The issue allows local users to gain privileges via a Trojan horse executable file in a root directory due to an untrusted search path vulnerability in the installer on Windows.

Recommendations For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Firefox ESR versions prior to 10.0.7, update to version 10.0.7 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For Thunderbird ESR versions prior to 10.0.7, update to version 10.0.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2012-3974

Affected Products

Firefox Esr

Firefox

Suse

Thunderbird

Thunderbird Esr

Windows

PT-2012-5102 · Mozilla+2 · Firefox+5

CVE-2012-3974

Weakness Enumeration

Related Identifiers

Affected Products

References · 10