CVE-2010-3182 (retired)

Priority
Description
A certain application-launch script in Mozilla Firefox before 3.5.14 and
3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the
LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
horse shared library in the current working directory.
Notes
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
  builds that use the system xulrunner, and firefox source packages for those
  that use a static build
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
xulrunner-1.9: (ignored) reverse dependencies no longer process web content
xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
xulrunner-1.9.2: system xul for reverese dependencies that process web content
firefox: Ubuntu 6.06 LTS (static build)
firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Assigned-to
chriscoulson
Package
Upstream:released (3.6.11)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:released (2.0.9)
Package
Upstream:released (3.0.9, 3.1.5)
Package
Upstream:released (1.9.1.14)
Package
Upstream:released (1.9.2.11)
More Information

Updated: 2019-09-19 15:33:01 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)