CVE-2012-0463 - Improper Input Validation vulnerability in Mozilla products
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_FIREFOX_3_6_28.NASL
- description: The installed version of Firefox 3.6.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0463, CVE-2012-0464)
  - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58354
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58354
- title: Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58354);
  script_version("1.11");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id(
    "CVE-2012-0455",
    "CVE-2012-0456",
    "CVE-2012-0457",
    "CVE-2012-0458",
    "CVE-2012-0461",
    "CVE-2012-0463",
    "CVE-2012-0464"
  );
  script_bugtraq_id(
    52458, 52459, 52460, 52461, 52464, 52465, 52466
  );

  script_name(english:"Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The installed version of Firefox 3.6.x is potentially affected by the following security issues :

  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0463, CVE-2012-0464)

  - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the 'home' button URL, which will set the user's home page to a 'javascript:' URL. (CVE-2012-0458)

  - An information disclosure vulnerability exists due to an out of bounds read in SVG filters. (CVE-2012-0456)

  - A cross-site scripting vulnerability exists that can be triggered by dragging and dropping 'javascript:' links onto a frame. (CVE-2012-0455)"
  );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Firefox 3.6.28 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'3.6.28', min:'3.6', severity:SECURITY_HOLE, xss:TRUE);
```

- NASL family: Windows
- NASL id: MOZILLA_FIREFOX_1003.NASL
- description: The installed version of Firefox 10.0.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58348
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58348
- title: Firefox 10.0.x < 10.0.3 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58348);
  script_version("1.10");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id(
    "CVE-2012-0451",
    "CVE-2012-0454",
    "CVE-2012-0455",
    "CVE-2012-0456",
    "CVE-2012-0457",
    "CVE-2012-0458",
    "CVE-2012-0459",
    "CVE-2012-0460",
    "CVE-2012-0461",
    "CVE-2012-0462",
    "CVE-2012-0463",
    "CVE-2012-0464"
  );
  script_bugtraq_id(
    52455, 52456, 52457, 52458, 52459, 52460,
    52461, 52463, 52464, 52465, 52466, 52467
  );

  script_name(english:"Firefox 10.0.x < 10.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Firefox");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains a web browser that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The installed version of Firefox 10.0.x is potentially affected by the following security issues :

  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)

  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).

  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the 'home' button URL, which will set the user's home page to a 'javascript:' URL. (CVE-2012-0458)

  - An information disclosure vulnerability exists due to an out-of-bounds read in SVG filters. (CVE-2012-0456)

  - A cross-site scripting vulnerability exists that can be triggered by dragging and dropping 'javascript:' links onto a frame. (CVE-2012-0455)

  - 'window.fullScreen' is writeable by untrusted content, allowing attackers to perform UI spoofing attacks. (CVE-2012-0460)"
  );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Firefox 10.0.3 ESR or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
```

- NASL family: Windows
- NASL id: MOZILLA_THUNDERBIRD_1003.NASL
- description: The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58350
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58350
- title: Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58350);
  script_version("1.10");
  script_cvs_date("Date: 2018/07/16 14:09:15");

  script_cve_id(
    "CVE-2012-0451",
    "CVE-2012-0454",
    "CVE-2012-0455",
    "CVE-2012-0456",
    "CVE-2012-0457",
    "CVE-2012-0458",
    "CVE-2012-0459",
    "CVE-2012-0460",
    "CVE-2012-0461",
    "CVE-2012-0462",
    "CVE-2012-0463",
    "CVE-2012-0464"
  );
  script_bugtraq_id(
    52455, 52456, 52457, 52458, 52459, 52460,
    52461, 52463, 52464, 52465, 52466, 52467
  );

  script_name(english:"Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Thunderbird");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains a mail client that is potentially affected by several vulnerabilities.");
  script_set_attribute(
    attribute:"description",
    value:
"The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :

  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)

  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).

  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the 'home' button URL, which will set the user's home page to a 'javascript:' URL. (CVE-2012-0458)

  - An information disclosure vulnerability exists due to an out-of-bounds read in SVG filters. (CVE-2012-0456)

  - A cross-site scripting vulnerability exists that can be triggered by dragging and dropping 'javascript:' links onto a frame. (CVE-2012-0455)

  - 'window.fullScreen' is writeable by untrusted content, allowing attackers to perform UI spoofing attacks. (CVE-2012-0460)"
  );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Thunderbird 10.0.3 ESR or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Thunderbird/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");

mozilla_check_version(installs:installs, product:'thunderbird', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
```

- NASL family: Windows
- NASL id: MOZILLA_FIREFOX_3628.NASL
- description: The installed version of Firefox 3.6.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0463, CVE-2012-0464)
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58349
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58349
- title: Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_THUNDERBIRD_10_0_3.NASL
- description: The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58355
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58355
- title: Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2012-175.NASL
- description:
  - Changes in MozillaThunderbird :
    - update to Thunderbird 11.0 (bnc#750044)
    - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL
    - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer
    - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers
    - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page
    - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification
    - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content
    - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/CVE-2012-0463 Miscellaneous memory safety hazards
  - Changes in mozilla-xulrunner192 :
    - security update to 1.9.2.28 (bnc#750044)
    - MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access
    - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL
    - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer
    - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page
    - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/CVE-2012-0463 Miscellaneous memory safety hazards
  - Changes in MozillaFirefox :
    - update to Firefox 11.0 (bnc#750044)
    - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL
    - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer
    - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers
    - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page
    - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification
    - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content
    - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/CVE-2012-0463 Miscellaneous memory safety hazards
  - Changes in seamonkey :
    - update to SeaMonkey 2.8 (bnc#750044)
    - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL
    - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer
    - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers
    - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page
    - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification
    - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content
    - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/CVE-2012-0463 Miscellaneous memory safety hazards
  - Changes in chmsee :
    - Update to version 1.99.08
  - Changes in mozilla-nss :
    - update to 3.13.3 RTM
    - distrust Trustwave
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 74574
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74574
- title: openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_MOZILLAFIREFOX-120320.NASL
- description: Mozilla Firefox was updated to 10.0.3 ESR to fix various bugs and security issues. The following security issues have been fixed :
  - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-19)

  In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

  References : Bob Clary reported two bugs that causes crashes that affected Firefox 3.6, Firefox ESR, and Firefox 10. (CVE-2012-0461) Christian Holler, Jesse Ruderman, Nils, Michael Bebenita, Dindog, and David Anderson reported memory safety problems and crashes that affect Firefox ESR and Firefox 10. (CVE-2012-0462) Jeff Walden reported a memory safety problem in the array.join function. This bug was independently reported by Vincenzo Iozzo via TippingPoint
- last seen: 2020-06-05
- modified: 2012-03-29
- plugin id: 58524
- published: 2012-03-29
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58524
- title: SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6007)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_FIREFOX-201203-8029.NASL
- description: Mozilla Firefox was updated to 3.6.28 to fix various bugs and security issues. The following security issues have been fixed :
  - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-19)

  In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

  References Bob Clary reported two bugs that causes crashes that affected Firefox 3.6, Firefox ESR, and Firefox 10. (CVE-2012-0461) Christian Holler, Jesse Ruderman, Nils, Michael Bebenita, Dindog, and David Anderson reported memory safety problems and crashes that affect Firefox ESR and Firefox 10. (CVE-2012-0462) Jeff Walden reported a memory safety problem in the array.join function. This bug was independently reported by Vincenzo Iozzo via TippingPoint
- last seen: 2020-06-05
- modified: 2012-03-29
- plugin id: 58525
- published: 2012-03-29
- reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58525
- title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8029)

- NASL family: Windows
- NASL id: MOZILLA_THUNDERBIRD_3120.NASL
- description: The installed version of Thunderbird 3.1.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58351
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58351
- title: Mozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_A1050B8B6DB311E18B370011856A6E37.NASL
- description: The Mozilla Project reports :
  - MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
  - MFSA 2012-14 SVG issues found with Address Sanitizer
  - MFSA 2012-15 XSS with multiple Content Security Policy headers
  - MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
  - MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
  - MFSA 2012-18 window.fullScreen writeable by untrusted content
  - MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:1.9.2.28)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58347
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/58347
- title: FreeBSD : mozilla -- multiple vulnerabilities (a1050b8b-6db3-11e1-8b37-0011856a6e37)

- NASL family: Windows
- NASL id: SEAMONKEY_28.NASL
- description: The installed version of SeaMonkey is earlier than 2.8.0. Such versions are potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - An HTTP Header security bypass vulnerability that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).
  - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58352
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58352
- title: SeaMonkey < 2.8.0 Multiple Vulnerabilities

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201301-01.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
  - Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
  - Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 63402
- published: 2013-01-08
- reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/63402
- title: GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_FIREFOX_10_0_3.NASL
- description: The installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451).
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58353
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58353
- title: Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_THUNDERBIRD_3_1_20.NASL
- description: The installed version of Thunderbird 3.1.x is potentially affected by the following security issues :
  - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
  - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58356
- published: 2012-03-15
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58356
- title: Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities (Mac OS X)
Oval
accepted | 2014-10-06T04:01:45.544-04:00
class | vulnerability
contributors |
definition_extensions |
description | The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
family | windows
id | oval:org.mitre.oval:def:15143
status | accepted
submitted | 2012-03-26T11:21:12.000-05:00
title | The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
version | 39
References
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
- http://secunia.com/advisories/48402
- http://secunia.com/advisories/48553
- http://secunia.com/advisories/48561
- http://secunia.com/advisories/48624
- http://secunia.com/advisories/48629
- http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
- http://www.securityfocus.com/bid/52466
- http://www.securitytracker.com/id?1026801
- http://www.securitytracker.com/id?1026803
- http://www.securitytracker.com/id?1026804
- https://bugzilla.mozilla.org/show_bug.cgi?id=688208
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143