You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-67

Mozilla Foundation Security Advisory 2012-67

Title: Installer will launch incorrect executable following new installation
Impact: Moderate
Announced: August 28, 2012
Reporter: Masato Kinugawa
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Firefox ESR 10.0.7
  Thunderbird 16.0.2
  Thunderbird ESR 10.0.10
  SeaMonkey 2.13.2

Description

Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's privileges.

References