Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3974

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-3974
Last Modified 02 Nov 2013 11:26:36
Published 29 Aug 2012 06:56:41
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3974

Summary

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.4.1

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 10.0

  • Mozilla Firefox 10.0.1

  • Mozilla Firefox 10.0.2

  • Mozilla Firefox 11.0

  • Mozilla Firefox 12.0

  • Mozilla Firefox 13.0

  • Mozilla Firefox 14.0

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.16

  • Mozilla Firefox 2.0.0.17

  • Mozilla Firefox 2.0.0.18

  • Mozilla Firefox 2.0.0.19

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.20

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.10

  • Mozilla Firefox 3.0.11

  • Mozilla Firefox 3.0.12

  • Mozilla Firefox 3.0.13

  • Mozilla Firefox 3.0.14

  • Mozilla Firefox 3.0.15

  • Mozilla Firefox 3.0.16

  • Mozilla Firefox 3.0.17

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0.9

  • Mozilla Firefox 3.5

  • Mozilla Firefox 3.5.1

  • Mozilla Firefox 3.5.10

  • Mozilla Firefox 3.5.11

  • Mozilla Firefox 3.5.12

  • Mozilla Firefox 3.5.13

  • Mozilla Firefox 3.5.14

  • Mozilla Firefox 3.5.15

  • Mozilla Firefox 3.5.2

  • Mozilla Firefox 3.5.3

  • Mozilla Firefox 3.5.4

  • Mozilla Firefox 3.5.5

  • Mozilla Firefox 3.5.6

  • Mozilla Firefox 3.5.7

  • Mozilla Firefox 3.5.8

  • Mozilla Firefox 3.5.9

  • Mozilla Firefox 3.6

  • Mozilla Firefox 3.6.10

  • Mozilla Firefox 3.6.11

  • Mozilla Firefox 3.6.12

  • Mozilla Firefox 3.6.13

  • Mozilla Firefox 3.6.14

  • Mozilla Firefox 3.6.15

  • Mozilla Firefox 3.6.16

  • Mozilla Firefox 3.6.17

  • Mozilla Firefox 3.6.18

  • Mozilla Firefox 3.6.19

  • Mozilla Firefox 3.6.2

  • Mozilla Firefox 3.6.20

  • Mozilla Firefox 3.6.21

  • Mozilla Firefox 3.6.22

  • Mozilla Firefox 3.6.23

  • Mozilla Firefox 3.6.24

  • Mozilla Firefox 3.6.25

  • Mozilla Firefox 3.6.3

  • Mozilla Firefox 3.6.4

  • Mozilla Firefox 3.6.6

  • Mozilla Firefox 3.6.7

  • Mozilla Firefox 3.6.8

  • Mozilla Firefox 3.6.9

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Firefox Esr 10.0

  • Mozilla Firefox Esr 10.0.1

  • Mozilla Firefox Esr 10.0.2

  • Mozilla Firefox Esr 10.0.3

  • Mozilla Firefox Esr 10.0.4

  • Mozilla Firefox Esr 10.0.5

  • Mozilla Firefox Esr 10.0.6

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.0.8

  • Mozilla Thunderbird 1.5

  • Mozilla Thunderbird 1.5.0.1

  • Mozilla Thunderbird 1.5.0.10

  • Mozilla Thunderbird 1.5.0.11

  • Mozilla Thunderbird 1.5.0.12

  • Mozilla Thunderbird 1.5.0.13

  • Mozilla Thunderbird 1.5.0.14

  • Mozilla Thunderbird 1.5.0.2

  • Mozilla Thunderbird 1.5.0.3

  • Mozilla Thunderbird 1.5.0.4

  • Mozilla Thunderbird 1.5.0.5

  • Mozilla Thunderbird 1.5.0.6

  • Mozilla Thunderbird 1.5.0.7

  • Mozilla Thunderbird 1.5.0.8

  • Mozilla Thunderbird 1.5.0.9

  • Mozilla Thunderbird 1.5.1

  • Mozilla Thunderbird 1.5.2

  • Mozilla Thunderbird 1.7.1

  • Mozilla Thunderbird 1.7.3

  • Mozilla Thunderbird 10.0

  • Mozilla Thunderbird 10.0.1

  • Mozilla Thunderbird 10.0.2

  • Mozilla Thunderbird 10.0.3

  • Mozilla Thunderbird 10.0.4

  • Mozilla Thunderbird 11.0

  • Mozilla Thunderbird 12.0

  • Mozilla Thunderbird 13.0

  • Mozilla Thunderbird 14.0

  • Mozilla Thunderbird 2.0

  • Mozilla Thunderbird 2.0.0.0

  • Mozilla Thunderbird 2.0.0.1

  • Mozilla Thunderbird 2.0.0.11

  • Mozilla Thunderbird 2.0.0.12

  • Mozilla Thunderbird 2.0.0.13

  • Mozilla Thunderbird 2.0.0.14

  • Mozilla Thunderbird 2.0.0.15

  • Mozilla Thunderbird 2.0.0.16

  • Mozilla Thunderbird 2.0.0.17

  • Mozilla Thunderbird 2.0.0.18

  • Mozilla Thunderbird 2.0.0.19

  • Mozilla Thunderbird 2.0.0.2

  • Mozilla Thunderbird 2.0.0.20

  • Mozilla Thunderbird 2.0.0.21

  • Mozilla Thunderbird 2.0.0.22

  • Mozilla Thunderbird 2.0.0.23

  • Mozilla Thunderbird 2.0.0.3

  • Mozilla Thunderbird 2.0.0.4

  • Mozilla Thunderbird 2.0.0.5

  • Mozilla Thunderbird 2.0.0.6

  • Mozilla Thunderbird 2.0.0.7

  • Mozilla Thunderbird 2.0.0.8

  • Mozilla Thunderbird 2.0.0.9

  • Mozilla Thunderbird 3.0

  • Mozilla Thunderbird 3.0.1

  • Mozilla Thunderbird 3.0.10

  • Mozilla Thunderbird 3.0.11

  • Mozilla Thunderbird 3.0.2

  • Mozilla Thunderbird 3.0.3

  • Mozilla Thunderbird 3.0.4

  • Mozilla Thunderbird 3.0.5

  • Mozilla Thunderbird 3.0.6

  • Mozilla Thunderbird 3.0.7

  • Mozilla Thunderbird 3.0.8

  • Mozilla Thunderbird 3.0.9

  • Mozilla Thunderbird 3.1

  • Mozilla Thunderbird 3.1.1

  • Mozilla Thunderbird 3.1.10

  • Mozilla Thunderbird 3.1.11

  • Mozilla Thunderbird 3.1.12

  • Mozilla Thunderbird 3.1.13

  • Mozilla Thunderbird 3.1.14

  • Mozilla Thunderbird 3.1.15

  • Mozilla Thunderbird 3.1.16

  • Mozilla Thunderbird 3.1.17

  • Mozilla Thunderbird 3.1.18

  • Mozilla Thunderbird 3.1.19

  • Mozilla Thunderbird 3.1.2

  • Mozilla Thunderbird 3.1.3

  • Mozilla Thunderbird 3.1.4

  • Mozilla Thunderbird 3.1.5

  • Mozilla Thunderbird 3.1.6

  • Mozilla Thunderbird 3.1.7

  • Mozilla Thunderbird 3.1.8

  • Mozilla Thunderbird 3.1.9

  • Mozilla Thunderbird 5.0

  • Mozilla Thunderbird 6.0

  • Mozilla Thunderbird 6.0.1

  • Mozilla Thunderbird 6.0.2

  • Mozilla Thunderbird 7.0

  • Mozilla Thunderbird 7.0.1

  • Mozilla Thunderbird 8.0

  • Mozilla Thunderbird 9.0

  • Mozilla Thunderbird 9.0.1

  • Mozilla Thunderbird Esr 10.0

  • Mozilla Thunderbird Esr 10.0.1

  • Mozilla Thunderbird Esr 10.0.2

  • Mozilla Thunderbird Esr 10.0.3

  • Mozilla Thunderbird Esr 10.0.4

  • Mozilla Thunderbird Esr 10.0.5

  • Mozilla Thunderbird Esr 10.0.6


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=770478

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-67.html

SUSE - SUSE-SU-2012:1167

SUSE - SUSE-SU-2012:1157

BID - 55312

CONFIRM - http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Related Patches

SUN145080-12 Solaris 10 SPARC: Firefox patch (Rev 2)

SUN145081-11 Solaris 10 x86: Firefox patch (Rev 2)

Novell SUSE 2012:6763 firefox-201208 security update for SLE 11 SP2 i586

Novell SUSE 2012:6763 firefox-201208 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8269 firefox-201208 security update for SLE 10 SP4 i586

Novell SUSE 2012:8269 firefox-201208 security update for SLE 10 SP4 x86_64

Mozilla Firefox ESR 10.0.7 for Mac OS X (Update) (See Note)

Mozilla Firefox (en-us) 15.0 for Windows (Update) (See Notes)

Mozilla Firefox 15.0 for Mac OS X (Update) (See Note)

Mozilla Firefox ESR (en-us) 10.0.7 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 11:00:24