Firefox sensor.dll Insecure Library Loading

Added: 09/13/2011
CVE: CVE-2011-2980
BID: 49217
OSVDB: 74583

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user opens any document handled by the affected applications (IE: an HTML document) that is located in the same network directory as a specially crafted DLL file.

Resolution

Upgrade to Firefox 3.6.20 or higher.

References

<http://www.mozilla.org/security/announce/2011/mfsa2011-30.html&gt;
<https://bugzilla.mozilla.org/show_bug.cgi?id=642469&gt;

Limitations

An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.

The target user must open the RDP file located on the specified share.

This exploit has been tested against Mozilla Foundation Firefox 3.6.17 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows