Mozilla Firefox Untrusted Search Path Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla firefox and is prone to untrusted search path vulnerability.

Impact

Successful exploitation will let attackers to execute arbitrary code in the context of the affected application. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 3.6.20 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

The flaw is due to error in 'ThinkPadSensor::Startup' allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.

Affected

Mozilla Firefox version before 3.6.20

References

http://www.mozilla.org/security/announce/2011/mfsa2011-30.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2980

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)

Take action and discover your vulnerabilities