CVE-2012-1943

high

Description

Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924

https://bugzilla.mozilla.org/show_bug.cgi?id=750850

http://www.mozilla.org/security/announce/2012/mfsa2012-35.html

http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html

Details

Source: Mitre, NVD

Published: 2012-06-05

Updated: 2017-12-29

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High