Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12423

Опубликовано: 30 июн. 2020
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. Note: This issue only affects the Windows operating system; other operating systems are unaffected. This vulnerability affects Firefox < 78.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-426
https://bugzilla.redhat.com/show_bug.cgi?id=1872536Mozilla: DLL Hijacking due to searching %PATH% for a library

EPSS

Процентиль: 51%
0.0028
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12423

CVSS3: 7.8
ubuntu
больше 5 лет назад

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.

nvd логотип

CVE-2020-12423

CVSS3: 7.8
nvd
больше 5 лет назад

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.

debian логотип

CVE-2020-12423

CVSS3: 7.8
debian
больше 5 лет назад

When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...

github логотип

GHSA-qj63-c77f-88gh

CVSS3: 7.8
github
больше 3 лет назад

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.

fstec логотип

BDU:2022-05938

CVSS3: 7.8
fstec
больше 5 лет назад

Уязвимость браузера Mozilla Firefox для Windows, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%
0.0028
Низкий

7.8 High

CVSS3

Уязвимость CVE-2020-12423