Vulnerability CVE-2012-3974 - CERT Civis.Net

Vulnerability Name:

CVE-2012-3974 (CCN-78104)

Assigned:

2012-08-28

Published:

2012-08-28

Updated:

2017-09-19

Summary:

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2012-3974

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1157

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1167

Source: CCN
Type: SA50088
Mozilla Firefox Multiple Vulnerabilities

Source: CCN
Type: SA50308
Mozilla Thunderbird Multiple Vulnerabilities

Source: CCN
Type: SA50437
Pale Moon Multiple Vulnerabilities

Source: CCN
Type: SA51562
Oracle Solaris Mozilla Firefox Multiple Vulnerabilities

Source: CCN
Type: MFSA 2012-67
Installer will launch incorrect executable following new installation

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html

Source: CCN
Type: OSVDB ID: 84998
Mozilla Multiple Product Root Partition Executable Execution

Source: CCN
Type: Pale Moon Web site
Pale Moon

Source: BID
Type: UNKNOWN
55312

Source: CCN
Type: BID-55312
Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Source: CCN
Type: Oracle Security Blog, Dec 11, 2012
Multiple vulnerabilities in Firefox

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=770478

Source: XF
Type: UNKNOWN
firefox-executable-privilege-esc(78104)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16692

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

AND

cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.25:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:7.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:8.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:9.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:11.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:12.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:13.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 14.0)

Configuration 2:

cpe:/a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.6:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:13.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 14.0)

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird_esr:10.0.6:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:thunderbird_esr:10.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:14.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox_esr:10.0.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20123974	V	CVE-2012-3974	2022-05-20
oval:org.opensuse.security:def:33759	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:32250	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:33756	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:29460	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:57132	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:33042	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:26162	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:33035	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:33031	P	Security update for cairo (Low)	2021-10-22
oval:org.opensuse.security:def:33030	P	Security update for fetchmail (Moderate)	2021-10-20
oval:org.opensuse.security:def:33012	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:34544	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33717	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:33710	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:34504	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:32973	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:29375	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:55178	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:55856	P	Security update for python-cryptography (Important)	2021-03-02
oval:org.opensuse.security:def:32261	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:33079	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:32249	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:28930	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:33653	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:32924	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:55775	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:28675	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:33798	P	Security update for gd	2020-12-01
oval:org.opensuse.security:def:28591	P	Security update for OpenSSH	2020-12-01
oval:org.opensuse.security:def:30492	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28534	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:30455	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28449	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29817	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:28318	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:33496	P	Security update for libxml2	2020-12-01
oval:org.opensuse.security:def:29773	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:28251	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33408	P	Security update for cobbler (Moderate)	2020-12-01
oval:org.opensuse.security:def:29755	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:28240	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:33351	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29716	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27610	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28239	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:33256	P	socat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29667	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:27575	P	unixODBC_23-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33121	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29613	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:26937	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26893	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26879	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57206	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29318	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:26840	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29232	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:26791	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29101	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26738	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29032	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26587	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55737	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:29021	P	Security update for qemu	2020-12-01
oval:org.opensuse.security:def:26503	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:55663	P	Security update for gdk-pixbuf (Moderate)	2020-12-01
oval:org.opensuse.security:def:28543	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29020	P	Security update for resource-agents (Important)	2020-12-01
oval:org.opensuse.security:def:26446	P	Security update for kconfig, kdelibs4 (Important)	2020-12-01
oval:org.opensuse.security:def:55571	P	Security update for perl-XML-LibXML (Moderate)	2020-12-01
oval:org.opensuse.security:def:28508	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26365	P	Security update of chromium (Important)	2020-12-01
oval:org.opensuse.security:def:55463	P	Security update for xfsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:27870	P	Security update for python-lxml	2020-12-01
oval:org.opensuse.security:def:26237	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27826	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:55012	P	socat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27812	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:54906	P	libpcre1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27773	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:54733	P	bogofilter on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27724	P	Security update for elfutils	2020-12-01
oval:org.opensuse.security:def:54495	P	hyper-v on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27671	P	Security update for rubygem-rdoc	2020-12-01
oval:org.opensuse.security:def:54355	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27520	P	netatalk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54333	P	logrotate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27436	P	libbz2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29704	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:54332	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27379	P	bytefx-data-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29668	P	Security update for dhcp	2020-12-01
oval:org.opensuse.security:def:27297	P	stunnel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32867	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29030	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27169	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32711	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28986	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:27105	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32624	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28969	P	Security update for orca (Moderate)	2020-12-01
oval:org.opensuse.security:def:27094	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32567	P	libsndfile on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27093	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32473	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:28881	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33866	P	Security update for jasper (Important)	2020-12-01
oval:org.opensuse.security:def:32338	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:28827	P	Security update for Ruby	2020-12-01
oval:org.opensuse.security:def:33822	P	Security update for glibc (Moderate)	2020-12-01
oval:org.mitre.oval:def:16692	V	Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.	2014-10-06
oval:org.opensuse.security:def:79840	P	Security update for Mozilla Firefox	2012-08-31