7.8
CVE-2020-12423
- EPSS 0.41%
- Veröffentlicht 09.07.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:42
- CVE-Watchlists
- Unerledigt
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html
https://www.mozilla.org/security/advisories/mfsa2020-24/
https://bugzilla.mozilla.org/show_bug.cgi?id=1642400