Back to search
CVE-2010-3131
Published: Aug 26, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
41095
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2010:049
vendor-advisory
x_refsource_SUSE
14783
exploit
x_refsource_EXPLOIT-DB
20100824 Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]
mailing-list
x_refsource_BUGTRAQ
ADV-2010-2201
vdb-entry
x_refsource_VUPEN
14730
exploit
x_refsource_EXPLOIT-DB
http://www.mozilla.org/security/announce/2010/mfsa2010-52.html
x_refsource_CONFIRM
ADV-2010-2169
vdb-entry
x_refsource_VUPEN
ADV-2010-2323
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:12143
vdb-entry
signature
x_refsource_OVAL
https://bugzilla.mozilla.org/show_bug.cgi?id=579593
x_refsource_CONFIRM
41168
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now