{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2171?format=json","vulnerability_id":"VCID-ej13-1bps-5far","summary":"Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables. Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable.  If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.","aliases":[{"alias":"CVE-2010-3181"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/998?format=json","purl":"pkg:mozilla/Firefox@3.5.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/997?format=json","purl":"pkg:mozilla/Firefox@3.6.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.11"},{"url":"http://public2.vulnerablecode.io/api/packages/999?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1003?format=json","purl":"pkg:mozilla/Thunderbird@3.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1002?format=json","purl":"pkg:mozilla/Thunderbird@3.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.5"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181","reference_id":"CVE-2010-3181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71","reference_id":"mfsa2010-71","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej13-1bps-5far"}