A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
Solution: Update to version 3.6.9 or 3.5.12.
Provided and/or discovered by: * Glafkos Charalambous
* The vendor also credits Haifei Li of FortiGuard Labs and Acros Security.
Original Advisory: Mozilla:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Mozilla Firefox Insecure Library Loading Vulnerability
RE: Mozilla Firefox Insecure Library Loading Vulnerability
31st Aug, 2010 18:02
Score: 2384 Posts: 3,280 User Since: 19th Dec 2007 System Score: N/A Location: N/A
Hello @petereigler ,
This thread in this "vulnerabilities" sub-forum is for discussing the technical details of the vulnerability described in the Secunia Advisory 41095 (see link just above the thread header/title.
Your question is more general concerning your system's security and it would be best reposted by creating your own thread in say the "Program" sub-forum ; for details see the column on the upper left hand side of this webpage .
It always seems impossible until its done.