Vulnerability Description
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 16.0.2 |
| Microsoft | Windows | All versions |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-98.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=792106
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80176
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-98.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=792106
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80176
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-4206?
CVE-2012-4206 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the d...
How severe is CVE-2012-4206?
CVE-2012-4206 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4206?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Microsoft Windows.