CVE-2012-1942

HIGH

Description

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.

References

http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html

http://www.mozilla.org/security/announce/2012/mfsa2012-35.html

http://www.mozilla.org/security/announce/2013/mfsa2013-45.html

https://bugzilla.mozilla.org/show_bug.cgi?id=748764

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16951

Details

Source: MITRE

Published: 2012-06-05

Updated: 2017-12-29

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
68949SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)NessusSuSE Local Security Checks
critical
66480Firefox < 21.0 Multiple VulnerabilitiesNessusWindows
critical
66476Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66455FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)NessusFreeBSD Local Security Checks
critical
64208SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)NessusSuSE Local Security Checks
critical
59520SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)NessusSuSE Local Security Checks
critical
801375Mozilla SeaMonkey 2.x < 2.10 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6496SeaMonkey 2.x < 2.10 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
801297Mozilla Firefox 12.x < 12 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801240Mozilla Thunderbird 12.x < 12 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
6498Mozilla Thunderbird < 13.0 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6497Mozilla Firefox < 13.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
59411SeaMonkey < 2.10.0 Multiple VulnerabilitiesNessusWindows
high
59409Mozilla Thunderbird < 13.0 Multiple VulnerabilitiesNessusWindows
high
59407Firefox < 13.0 Multiple VulnerabilitiesNessusWindows
high