Vulnerabilities > CVE-2012-0463 - Improper Input Validation vulnerability in Mozilla products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-20
nessus

Summary

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.

Vulnerable Configurations

Part Description Count
Application
Mozilla
390

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_3_6_28.NASL
    descriptionThe installed version of Firefox 3.6.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0463, CVE-2012-0464) - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58354
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58354
    titleFirefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58354);
      script_version("1.11");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2012-0455",
        "CVE-2012-0456",
        "CVE-2012-0457",
        "CVE-2012-0458",
        "CVE-2012-0461",
        "CVE-2012-0463",
        "CVE-2012-0464"
      );
      script_bugtraq_id(
        52458,
        52459,
        52460,
        52461,
        52464,
        52465,
        52466
      );
    
      script_name(english:"Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Firefox 3.6.x is potentially affected by the
    following security issues :
      
      - Multiple memory corruption issues. By tricking a user 
        into visiting a specially crafted page, these issues may 
        allow an attacker to execute arbitrary code in the 
        context of the affected application. (CVE-2012-0457, 
        CVE-2012-0461, CVE-2012-0463, CVE-2012-0464)
    
      - A security bypass vulnerability that can be exploited by 
        an attacker if the victim can be tricked into setting a 
        new home page by dragging a specially crafted link to 
        the 'home' button URL, which will set the user's home 
        page to a 'javascript:' URL. (CVE-2012-0458) 
    
      - An information disclosure vulnerability exists due to an 
        out of bounds read in SVG filters. (CVE-2012-0456)
    
      - A cross-site scripting vulnerability exists that can be 
        triggered by dragging and dropping 'javascript:' links 
        onto a frame. (CVE-2012-0455)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Firefox 3.6.28 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'3.6.28', min:'3.6', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1003.NASL
    descriptionThe installed version of Firefox 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58348
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58348
    titleFirefox 10.0.x < 10.0.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58348);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/16 14:09:14");
    
      script_cve_id(
        "CVE-2012-0451",
        "CVE-2012-0454",
        "CVE-2012-0455",
        "CVE-2012-0456",
        "CVE-2012-0457",
        "CVE-2012-0458",
        "CVE-2012-0459",
        "CVE-2012-0460",
        "CVE-2012-0461",
        "CVE-2012-0462",
        "CVE-2012-0463",
        "CVE-2012-0464"
      );
      script_bugtraq_id(
        52455,
        52456,
        52457,
        52458,
        52459,
        52460,
        52461,
        52463,
        52464,
        52465,
        52466,
        52467
      );
    
      script_name(english:"Firefox 10.0.x < 10.0.3 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Firefox 10.0.x is potentially affected by 
    the following security issues :
      
      - Multiple memory corruption issues. By tricking a user 
        into visiting a specially crafted page, these issues may
        allow an attacker to execute arbitrary code in the 
        context of the affected application. (CVE-2012-0454, 
        CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, 
        CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
    
      - An HTTP Header security bypass vulnerability exists that 
        can be leveraged by attackers to bypass certain security 
        restrictions and conduct cross-site scripting attacks. 
        (CVE-2012-0451).
    
      - A security bypass vulnerability exists that can be 
        exploited by an attacker if the victim can be tricked 
        into setting a new home page by dragging a specially 
        crafted link to the 'home' button URL, which will set 
        the user's home page to a 'javascript:' URL. 
        (CVE-2012-0458) 
    
      - An information disclosure vulnerability exists due to an 
        out-of-bounds read in SVG filters. (CVE-2012-0456)
    
      - A cross-site scripting vulnerability exists that can be 
        triggered by dragging and dropping 'javascript:' links 
        onto a frame. (CVE-2012-0455)
    
      - 'window.fullScreen' is writeable by untrusted content, 
        allowing attackers to perform UI spoofing attacks. 
        (CVE-2012-0460)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Firefox 10.0.3 ESR or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1003.NASL
    descriptionThe installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58350
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58350
    titleMozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58350);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/16 14:09:15");
    
      script_cve_id(
        "CVE-2012-0451",
        "CVE-2012-0454",
        "CVE-2012-0455",
        "CVE-2012-0456",
        "CVE-2012-0457",
        "CVE-2012-0458",
        "CVE-2012-0459",
        "CVE-2012-0460",
        "CVE-2012-0461",
        "CVE-2012-0462",
        "CVE-2012-0463",
        "CVE-2012-0464"
      );
      script_bugtraq_id(
        52455,
        52456,
        52457,
        52458,
        52459,
        52460,
        52461,
        52463,
        52464,
        52465,
        52466,
        52467
      );
    
      script_name(english:"Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Thunderbird 10.0.x is potentially affected 
    by the following security issues :
      
      - Multiple memory corruption issues. By tricking a user 
        into visiting a specially crafted page, these issues may 
        allow an attacker to execute arbitrary code in the 
        context of the affected application. (CVE-2012-0454, 
        CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, 
        CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
    
      - An HTTP Header security bypass vulnerability exists that 
        can be leveraged by attackers to bypass certain security 
        restrictions and conduct cross-site scripting attacks. 
        (CVE-2012-0451).
    
      - A security bypass vulnerability exists that can be 
        exploited by an attacker if the victim can be tricked 
        into setting a new home page by dragging a specially 
        crafted link to the 'home' button URL, which will set 
        the user's home page to a 'javascript:' URL. 
        (CVE-2012-0458) 
    
      - An information disclosure vulnerability exists due to an 
        out-of-bounds read in SVG filters. (CVE-2012-0456)
    
      - A cross-site scripting vulnerability exists that can be 
        triggered by dragging and dropping 'javascript:' links 
        onto a frame. (CVE-2012-0455)
    
      - 'window.fullScreen' is writeable by untrusted content, 
        allowing attackers to perform UI spoofing attacks. 
        (CVE-2012-0460)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Thunderbird 10.0.3 ESR or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3628.NASL
    descriptionThe installed version of Firefox 3.6.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0463, CVE-2012-0464) - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58349
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58349
    titleFirefox 3.6.x < 3.6.28 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_3.NASL
    descriptionThe installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58355
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58355
    titleThunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-175.NASL
    descriptionChanges in MozillaThunderbird : - update to Thunderbird 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in mozilla-xulrunner192 : - security update to 1.9.2.28 (bnc#750044) - MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in MozillaFirefox : - update to Firefox 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in seamonkey : - update to SeaMonkey 2.8 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in chmsee : - Update to version 1.99.08 Changes in mozilla-nss : - update to 3.13.3 RTM - distrust Trustwave
    last seen2020-06-05
    modified2014-06-13
    plugin id74574
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74574
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-120320.NASL
    descriptionMozilla Firefox was updated to 10.0.3 ESR to fix various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-19) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References : Bob Clary reported two bugs that causes crashes that affected Firefox 3.6, Firefox ESR, and Firefox 10. (CVE-2012-0461) Christian Holler, Jesse Ruderman, Nils, Michael Bebenita, Dindog, and David Anderson reported memory safety problems and crashes that affect Firefox ESR and Firefox 10. (CVE-2012-0462) Jeff Walden reported a memory safety problem in the array.join function. This bug was independently reported by Vincenzo Iozzo via TippingPoint
    last seen2020-06-05
    modified2012-03-29
    plugin id58524
    published2012-03-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58524
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6007)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FIREFOX-201203-8029.NASL
    descriptionMozilla Firefox was updated to 3.6.28 to fix various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-19) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Bob Clary reported two bugs that causes crashes that affected Firefox 3.6, Firefox ESR, and Firefox 10. (CVE-2012-0461) Christian Holler, Jesse Ruderman, Nils, Michael Bebenita, Dindog, and David Anderson reported memory safety problems and crashes that affect Firefox ESR and Firefox 10. (CVE-2012-0462) Jeff Walden reported a memory safety problem in the array.join function. This bug was independently reported by Vincenzo Iozzo via TippingPoint
    last seen2020-06-05
    modified2012-03-29
    plugin id58525
    published2012-03-29
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58525
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8029)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3120.NASL
    descriptionThe installed version of Thunderbird 3.1.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58351
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58351
    titleMozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A1050B8B6DB311E18B370011856A6E37.NASL
    descriptionThe Mozilla Project reports : MFSA 2012-13 XSS with Drag and Drop and Javascript: URL MFSA 2012-14 SVG issues found with Address Sanitizer MFSA 2012-15 XSS with multiple Content Security Policy headers MFSA 2012-16 Escalation of privilege with Javascript: URL as home page MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification MFSA 2012-18 window.fullScreen writeable by untrusted content MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
    last seen2020-06-01
    modified2020-06-02
    plugin id58347
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58347
    titleFreeBSD : mozilla -- multiple vulnerabilities (a1050b8b-6db3-11e1-8b37-0011856a6e37)
  • NASL familyWindows
    NASL idSEAMONKEY_28.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.8.0. Such versions are potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58352
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58352
    titleSeaMonkey < 2.8.0 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_3.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58353
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58353
    titleFirefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_3_1_20.NASL
    descriptionThe installed version of Thunderbird 3.1.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0457, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58356
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58356
    titleThunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities (Mac OS X)

Oval

accepted2014-10-06T04:01:45.544-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameScott Quint
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionThe nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
familywindows
idoval:org.mitre.oval:def:15143
statusaccepted
submitted2012-03-26T11:21:12.000-05:00
titleThe nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
version39