Test ID:	1.3.6.1.4.1.25623.1.0.802867
Category:	Privilege escalation
Title:	Mozilla Products Updater Service Privilege Escalation Vulnerabilities - Windows
Summary:	Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. Vulnerability Insight: - Mozilla updater allows to load a local DLL file in a privileged context. - The 'Updater.exe' in the Windows Updater Service allows to load an arbitrary local wsock32.dll file, which can then be run with the same system privileges used by the service. Vulnerability Impact: Successful attempt could allow local attackers to bypass security restrictions and gain the privileges. Affected Software/OS: SeaMonkey version 2.9, Thunderbird version 12.0 and Mozilla Firefox version 12.0 on Windows Solution: Upgrade to Mozilla Firefox version 13.0 or later, upgrade to SeaMonkey version to 2.10 or later, upgrade to Thunderbird version to 13.0 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1942 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16951 SuSE Security Announcement: SUSE-SU-2012:0746 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.