6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.5%
Mozilla developer Ehsan Akhgari reported that a function used to load external libraries on Windows platforms was using a relative path to a DLL-loading application and was thus vulnerable to binary planting if an attacker was able to place an executable of the same name in the current working directory or any of the other locations that Windows searches for executables.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 3.5.14 | |
firefox | lt | 3.6.11 | |
seamonkey | lt | 2.0.9 | |
thunderbird | lt | 3.0.9 | |
thunderbird | lt | 3.1.5 |