Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.
2013-08-07T01:55:04.983
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.9 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | mozilla | firefox | ≤ 22.0 | Yes |
Application | mozilla | firefox | 19.0 | Yes |
Application | mozilla | firefox | 19.0.1 | Yes |
Application | mozilla | firefox | 19.0.2 | Yes |
Application | mozilla | firefox | 20.0 | Yes |
Application | mozilla | firefox | 20.0.1 | Yes |
Application | mozilla | firefox | 21.0 | Yes |
Operating System | microsoft | windows | * | No |