A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-10-21T18:12:00

Updated: 2024-08-07T03:03:18.340Z

Reserved: 2010-08-27T00:00:00

Link: CVE-2010-3182

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-10-21T19:00:03.443

Modified: 2024-11-21T01:18:13.450

Link: CVE-2010-3182

cve-icon Redhat

Severity : Moderate

Publid Date: 2010-10-19T00:00:00Z

Links: CVE-2010-3182 - Bugzilla