Summary
The host has Mozilla Firefox, SeaMonkey, or Thunderbird installed and is prone to an insecure library loading vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code and conduct DLL hijacking attacks.
Impact Level: Application
Solution
Upgrade Thunderbird to 3.1.3 or later
Upgrade SeaMonkey to 2.0.7 or later
Upgrade Firefox to 3.6.9 or later
http://www.mozilla.com/en-US/firefox/all.html
http://www.mozillamessaging.com/en-US/thunderbird
Insight
The flaw is due to the application insecurely loading certain libraries from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file.
Affected
Thunderbird version 3.1.2
SeaMonkey version 2.0.6
Firefox version 3.6.8 and prior on Windows.
Severity
Classification
CVE: CVE-2010-3131
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C