Lucene search

[email protected]NVD:CVE-2012-3974

HistoryAug 29, 2012 - 10:56 a.m.

CVE-2012-3974

2012-08-2910:56:41

CWE-399

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

Affected configurations

NVD

Node

microsoftwindows

AND

mozillafirefoxRange≤14.0

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.4.1

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.16

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillafirefoxMatch3.5.8

mozillafirefoxMatch3.5.9

mozillafirefoxMatch3.5.10

mozillafirefoxMatch3.5.11

mozillafirefoxMatch3.5.12

mozillafirefoxMatch3.5.13

mozillafirefoxMatch3.5.14

mozillafirefoxMatch3.5.15

mozillafirefoxMatch3.6

mozillafirefoxMatch3.6.2

mozillafirefoxMatch3.6.3

mozillafirefoxMatch3.6.4

mozillafirefoxMatch3.6.6

mozillafirefoxMatch3.6.7

mozillafirefoxMatch3.6.8

mozillafirefoxMatch3.6.9

mozillafirefoxMatch3.6.10

mozillafirefoxMatch3.6.11

mozillafirefoxMatch3.6.12

mozillafirefoxMatch3.6.13

mozillafirefoxMatch3.6.14

mozillafirefoxMatch3.6.15

mozillafirefoxMatch3.6.16

mozillafirefoxMatch3.6.17

mozillafirefoxMatch3.6.18

mozillafirefoxMatch3.6.19

mozillafirefoxMatch3.6.20

mozillafirefoxMatch3.6.21

mozillafirefoxMatch3.6.22

mozillafirefoxMatch3.6.23

mozillafirefoxMatch3.6.24

mozillafirefoxMatch3.6.25

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

mozillafirefoxMatch10.0

mozillafirefoxMatch10.0.1

mozillafirefoxMatch10.0.2

mozillafirefoxMatch11.0

mozillafirefoxMatch12.0

mozillafirefoxMatch12.0beta6

mozillafirefoxMatch13.0

Node

mozillafirefox_esrMatch10.0

mozillafirefox_esrMatch10.0.1

mozillafirefox_esrMatch10.0.2

mozillafirefox_esrMatch10.0.3

mozillafirefox_esrMatch10.0.4

mozillafirefox_esrMatch10.0.5

mozillafirefox_esrMatch10.0.6

AND

microsoftwindows

Node

mozillathunderbirdRange≤14.0

mozillathunderbirdMatch1.0

mozillathunderbirdMatch1.0.1

mozillathunderbirdMatch1.0.2

mozillathunderbirdMatch1.0.3

mozillathunderbirdMatch1.0.4

mozillathunderbirdMatch1.0.5

mozillathunderbirdMatch1.0.5beta

mozillathunderbirdMatch1.0.6

mozillathunderbirdMatch1.0.7

mozillathunderbirdMatch1.0.8

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5beta2

mozillathunderbirdMatch1.5.0.1

mozillathunderbirdMatch1.5.0.2

mozillathunderbirdMatch1.5.0.3

mozillathunderbirdMatch1.5.0.4

mozillathunderbirdMatch1.5.0.5

mozillathunderbirdMatch1.5.0.6

mozillathunderbirdMatch1.5.0.7

mozillathunderbirdMatch1.5.0.8

mozillathunderbirdMatch1.5.0.9

mozillathunderbirdMatch1.5.0.10

mozillathunderbirdMatch1.5.0.11

mozillathunderbirdMatch1.5.0.12

mozillathunderbirdMatch1.5.0.13

mozillathunderbirdMatch1.5.0.14

mozillathunderbirdMatch1.5.1

mozillathunderbirdMatch1.5.2

mozillathunderbirdMatch1.7.1

mozillathunderbirdMatch1.7.3

mozillathunderbirdMatch2.0

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.1

mozillathunderbirdMatch2.0.0.2

mozillathunderbirdMatch2.0.0.3

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.7

mozillathunderbirdMatch2.0.0.8

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.11

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.13

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.15

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

mozillathunderbirdMatch2.0.0.18

mozillathunderbirdMatch2.0.0.19

mozillathunderbirdMatch2.0.0.20

mozillathunderbirdMatch2.0.0.21

mozillathunderbirdMatch2.0.0.22

mozillathunderbirdMatch2.0.0.23

mozillathunderbirdMatch3.0

mozillathunderbirdMatch3.0.1

mozillathunderbirdMatch3.0.2

mozillathunderbirdMatch3.0.3

mozillathunderbirdMatch3.0.4

mozillathunderbirdMatch3.0.5

mozillathunderbirdMatch3.0.6

mozillathunderbirdMatch3.0.7

mozillathunderbirdMatch3.0.8

mozillathunderbirdMatch3.0.9

mozillathunderbirdMatch3.0.10

mozillathunderbirdMatch3.0.11

mozillathunderbirdMatch3.1

mozillathunderbirdMatch3.1.1

mozillathunderbirdMatch3.1.2

mozillathunderbirdMatch3.1.3

mozillathunderbirdMatch3.1.4

mozillathunderbirdMatch3.1.5

mozillathunderbirdMatch3.1.6

mozillathunderbirdMatch3.1.7

mozillathunderbirdMatch3.1.8

mozillathunderbirdMatch3.1.9

mozillathunderbirdMatch3.1.10

mozillathunderbirdMatch3.1.11

mozillathunderbirdMatch3.1.12

mozillathunderbirdMatch3.1.13

mozillathunderbirdMatch3.1.14

mozillathunderbirdMatch3.1.15

mozillathunderbirdMatch3.1.16

mozillathunderbirdMatch3.1.17

mozillathunderbirdMatch3.1.18

mozillathunderbirdMatch3.1.19

mozillathunderbirdMatch5.0

mozillathunderbirdMatch6.0

mozillathunderbirdMatch6.0.1

mozillathunderbirdMatch6.0.2

mozillathunderbirdMatch7.0

mozillathunderbirdMatch7.0.1

mozillathunderbirdMatch8.0

mozillathunderbirdMatch9.0

mozillathunderbirdMatch9.0.1

mozillathunderbirdMatch10.0

mozillathunderbirdMatch10.0.1

mozillathunderbirdMatch10.0.2

mozillathunderbirdMatch10.0.3

mozillathunderbirdMatch10.0.4

mozillathunderbirdMatch11.0

mozillathunderbirdMatch12.0

mozillathunderbirdMatch13.0

AND

microsoftwindows

Node

mozillathunderbird_esrMatch10.0

mozillathunderbird_esrMatch10.0.1

mozillathunderbird_esrMatch10.0.2

mozillathunderbird_esrMatch10.0.3

mozillathunderbird_esrMatch10.0.4

mozillathunderbird_esrMatch10.0.5

mozillathunderbird_esrMatch10.0.6

AND

microsoftwindows

References

lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html

www.mozilla.org/security/announce/2012/mfsa2012-67.html

www.securityfocus.com/bid/55312

www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

bugzilla.mozilla.org/show_bug.cgi?id=770478

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for NVD:CVE-2012-3974

seebug1 cve1 cvelist1 openvas17 mozilla1 prion1 nessus15 fedora1 freebsd1 securityvulns1 suse2