Vulnerability Description
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 12.0 |
| Mozilla | Seamonkey | 2.9 |
| Mozilla | Thunderbird | 12.0 |
| Microsoft | Windows | All versions |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-35.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=750850
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-35.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=750850
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-1943?
CVE-2012-1943 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Tr...
How severe is CVE-2012-1943?
CVE-2012-1943 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1943?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Microsoft Windows.