PT-2020-6749 · Mozilla+2 · Firefox+2

Riccardo Ancarani · Published 2020-06-30 · Updated 2024-12-12 · CVE-2020-12423

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 78

Description

The issue is related to the Windows DLL "webauthn.dll". If this DLL is missing from the Operating System and a malicious version is placed in a folder in the user's %PATH%, Firefox may load the malicious DLL, leading to arbitrary code execution. This issue only affects the Windows operating system.

Recommendations

For versions prior to 78, update to version 78 or later to resolve the issue. As a temporary workaround, consider restricting access to the webauthn.dll file to minimize the risk of exploitation. Additionally, ensure that only trusted DLLs are placed in folders within the user's %PATH%.
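
One way to audit a host for the condition described above, as an added example that is not part of the advisory or of Mozilla's fix: it reports whether the system copy of webauthn.dll exists, and lists %PATH% folders that already hold a file of that name or that non-administrative principals can create files in. The trusted principal list (English account names) and the report column names are assumptions of this example.

```powershell
# Added audit example (not from the advisory). Run as the user who launches Firefox.
$dllName   = 'webauthn.dll'
$systemDll = Join-Path $env:SystemRoot "System32\$dllName"

# Assumption: principals that may legitimately write to PATH folders (English names).
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# CreateFiles (0x2) plus GENERIC_WRITE / GENERIC_ALL, which Get-Acl can report as raw bits.
$writeBits   = 0x2 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Normalise the PATH entries: strip quotes, expand %VAR% references, drop empties.
$pathDirs = $env:Path -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } | Select-Object -Unique

$report = foreach ($dir in $pathDirs) {
    $candidate = Join-Path $dir $dllName
    $writers   = @()
    if (Test-Path -LiteralPath $dir -PathType Container) {
        # Allow ACEs that apply to the folder itself and permit creating files in it.
        $writers = @((Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                -not ($_.PropagationFlags -band $inheritOnly) -and
                ([int]$_.FileSystemRights -band $writeBits)
            } | ForEach-Object { $_.IdentityReference.Value } |
            Where-Object { $_ -notin $trusted } | Select-Object -Unique)
    }
    # A copy outside System32 is what the description warns about; record its signature.
    $present = (Test-Path -LiteralPath $candidate -PathType Leaf) -and ($candidate -ne $systemDll)
    $sig = if ($present) { (Get-AuthenticodeSignature -LiteralPath $candidate).Status.ToString() }
    [pscustomobject]@{
        Directory       = $dir
        DllPresent      = $present
        Signature       = $sig
        NonAdminWriters = $writers -join ', '
    }
}

"System copy present ($systemDll): $(Test-Path -LiteralPath $systemDll)"
$report | Where-Object { $_.DllPresent -or $_.NonAdminWriters } | Format-Table -AutoSize -Wrap
```

A host is exposed in the sense of the description when the system copy is absent and any row shows a present DLL or a writable folder; a present copy whose signature status is not `Valid` warrants investigation.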

Exploit

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2309
ALT-PU-2020-2408
ALT-PU-2020-2709
ALT-PU-2020-2933
ALT-PU-2020-2934
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-3368
BDU:2022-05938
CVE-2020-12423
OPENSUSE-SU-2020:0983-1
OPENSUSE-SU-2020:1017-1
OPENSUSE-SU-2020_0983-1
OPENSUSE-SU-2020_1017-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2020:14421-1
SUSE-SU-2020:1898-1
SUSE-SU-2020:1899-1

Affected Products

Alt Linux
Firefox
Suse