CVE-2012-3974
Firefox < 15.0 - Untrusted Search Path Vulnerability via Trojan Horse Executable
Title source: llmDescription
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55312
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=770478
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
Various Sources x_refsource_confirm
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Scores
EPSS
0.0030
EPSS Percentile
21.5%
Details
CWE
CWE-399
Status
published
Products (47)
mozilla/firefox
1.0 (2 CPE variants)
mozilla/firefox
1.0.1
mozilla/firefox
1.0.2
mozilla/firefox
1.0.3
mozilla/firefox
1.0.4
mozilla/firefox
1.0.5
mozilla/firefox
1.0.6
mozilla/firefox
1.0.7
mozilla/firefox
1.0.8
mozilla/firefox
1.4.1
... and 37 more
Published
Aug 29, 2012
Tracked Since
Feb 18, 2026