CVE-2011-2980 — Mozilla Firefox vulnerability

2 documents2 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedAug 18

Latest updateMay 17

Description

Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.6.19+106

▶NVDmozilla/thunderbird24 versions+23

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-r3cm-vcqx-c6pp: Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3↗2022-05-17

▶