CVE-2010-3131 Information

Feb 14, 2021 cve

Description

Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9 Thunderbird before 3.0.7 and 3.1.x before 3.1.3 and SeaMonkey before 2.0.7 on Windows XP allows local users and possibly remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm .html .jtx .mfp or .eml file.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/41095 http://secunia.com/advisories/41168 http://www.exploit-db.com/exploits/14730 http://www.exploit-db.com/exploits/14783 http://www.mozilla.org/security/announce/2010/mfsa2010-52.html http://www.securityfocus.com/archive/1/513324/100/0/threaded http://www.vupen.com/english/advisories/2010/2169 http://www.vupen.com/english/advisories/2010/2201 http://www.vupen.com/english/advisories/2010/2323 https://bugzilla.mozilla.org/show_bug.cgi?id=579593 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12143

Share on: