CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.018 Low
Percentile: 88.0%
Added: 09/13/2011
CVE: CVE-2011-2980
BID: 49217
OSVDB: 74583
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user opens any document handled by the affected applications (e.g., an HTML document) that is located in the same network directory as a specially crafted DLL file.
Upgrade to Firefox 3.6.20 or higher.
<http://www.mozilla.org/security/announce/2011/mfsa2011-30.html>
<https://bugzilla.mozilla.org/show_bug.cgi?id=642469>
An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.
The target user must open the RDP file located on the specified share.
This exploit has been tested against Mozilla Foundation Firefox 3.6.17 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platform: Windows