Firefox sensor.dll Insecure Library Loading

Added: 09/13/2011
CVE: CVE-2011-2980
BID: 49217
OSVDB: 74583


Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.


A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user opens any document handled by the affected applications (e.g., an HTML document) that is located in the same network directory as a specially crafted DLL file.


Upgrade to Firefox 3.6.20 or higher.
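A defender can audit for the condition described above by walking a share for directories where a file named sensor.dll sits beside documents, and by flagging Firefox versions older than the fixed release. The script below is an added example, not part of the original advisory. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

DLL_NAME = "sensor.dll"        # DLL named in the advisory title
FIXED_VERSION = (3, 6, 20)     # first fixed Firefox release per the advisory
# Assumption: document extensions to check (the advisory names HTML only).
DOC_EXTENSIONS = {".html", ".htm"}

def parse_version(text):
    """'3.6.17' -> (3, 6, 17); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_vulnerable_version(text):
    """True when the version parses and is older than the fixed release."""
    version = parse_version(text)
    return bool(version) and version < FIXED_VERSION

def find_colocated_dlls(root):
    """List (directory, dll_name, documents) where the DLL sits beside documents."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dlls = [f for f in files if f.lower() == DLL_NAME]  # case-insensitive
        docs = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in DOC_EXTENSIONS)
        if dlls and docs:
            findings.append((dirpath, dlls[0], docs))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample data: 'reports' is suspicious, the others are not."""
    for rel in ("reports/index.html", "reports/Sensor.DLL",
                "docs/readme.htm", "bin/sensor.dll"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, dll, docs in find_colocated_dlls(tmp):
            print(f"{directory}: {dll} next to {docs}")
```

A hit is a lead for review rather than proof of compromise; check the flagged DLL's origin and remove it from document directories.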



An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.

The target user must open the RDP file located on the specified share.

This exploit has been tested against Mozilla Foundation Firefox 3.6.17 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).


