• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-67

Mozilla Foundation Security Advisory 2012-67

Title: Installer will launch incorrect executable following new installation
Impact: Moderate
Announced: August 28, 2012
Reporter: Masato Kinugawa
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Firefox ESR 10.0.7
  Thunderbird 16.0.2
  Thunderbird ESR 10.0.10
  SeaMonkey 2.13.2

Description

Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges.

References

• Installer runs untrusted program
• CVE-2012-3974