7.8

CVE-2020-12423

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 78.0
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.329
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html
Broken Link
https://www.mozilla.org/security/advisories/mfsa2020-24/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1642400
Vendor Advisory
Issue Tracking