Unauthorized Installation Or Removal

2020-04-1000:38:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Mozilla Firefox is vulnerable to Unauthorized Installation or Removal. Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user’s machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CPENameOperatorVersion
xulrunnereq1.9__0.beta5.6.el5
xulrunnereq1.9.0.6__1.el5
xulrunnereq1.9.0.11__3.el5_3
xulrunnereq1.9.0.7__1.el5
xulrunnereq1.9.0.4__1.el5
xulrunnereq1.9.0.12__1.el5_3
xulrunnereq1.9.0.5__1.el5_2
xulrunnereq1.9.0.9__1.el5
xulrunnereq1.9.0.10__1.el5
xulrunnereq1.9.0.1__1.el5

Name	Operator	Version
xulrunner	eq	1.9__0.beta5.6.el5
xulrunner	eq	1.9.0.6__1.el5
xulrunner	eq	1.9.0.11__3.el5_3
xulrunner	eq	1.9.0.7__1.el5
xulrunner	eq	1.9.0.4__1.el5
xulrunner	eq	1.9.0.12__1.el5_3
xulrunner	eq	1.9.0.5__1.el5_2
xulrunner	eq	1.9.0.9__1.el5
xulrunner	eq	1.9.0.10__1.el5
xulrunner	eq	1.9.0.1__1.el5