CVE-2010-3131
Mozilla Firefox < & Thunderbird < & SeaMonkey <3.5.12-3.6.9 <3.0.7-3.1.3 - DLL Hijacking
Title source: llmDescription
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by h4ck3r#47 · clocalwindows
https://www.exploit-db.com/exploits/14783
exploitdb
WORKING POC
VERIFIED
by Glafkos Charalambous · clocalwindows
https://www.exploit-db.com/exploits/14730
References (12)
Scores
EPSS
0.1022
EPSS Percentile
93.2%
Details
Status
published
Products (47)
mozilla/firefox
3.6
mozilla/firefox
3.6.2
mozilla/firefox
3.6.3
mozilla/firefox
3.6.4
mozilla/firefox
3.6.6
mozilla/firefox
3.6.7
mozilla/firefox
3.6.8
mozilla/firefox
1.0 (2 CPE variants)
mozilla/firefox
1.0.1
mozilla/firefox
1.0.2
... and 37 more
Published
Aug 26, 2010
Tracked Since
Feb 18, 2026