Arbitrary Code Execution via Malicious webauthn.dll in Firefox on Windows

Arbitrary Code Execution via Malicious webauthn.dll in Firefox on Windows

CVE-2020-12423 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.

Learn more about our Web App Pen Testing.