Vulnerabilities > CVE-2012-3984
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2012-1351-1.NASL description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2015-05-20 plugin id 83562 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83562 title SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1) NASL family Windows NASL id MOZILLA_FIREFOX_160.NASL description The installed version of Firefox is earlier than 16.0 and thus, is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983) - last seen 2020-06-01 modified 2020-06-02 plugin id 62580 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62580 title Firefox < 16.0 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_16_0.NASL description The installed version of Firefox is earlier than 16.0 and thus, is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983) - last seen 2020-06-01 modified 2020-06-02 plugin id 62576 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62576 title Firefox < 16.0 Multiple Vulnerabilities (Mac OS X) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6E5A9AFD12D311E2B47DC8600054B392.NASL description The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks MFSA 2012-78 Reader Mode pages have chrome privileges MFSA 2012-79 DOS and crash with full screen and history navigation MFSA 2012-80 Crash with invalid cast when using instanceof operator MFSA 2012-81 GetProperty function can bypass security checks MFSA 2012-82 top object and location property accessible by plugins MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties MFSA 2012-84 Spoofing and script injection through location.hash MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer MFSA 2012-87 Use-after-free in the IME State Manager MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1) MFSA 2012-89 defaultValue security checks not applied last seen 2020-06-01 modified 2020-06-02 plugin id 62490 published 2012-10-11 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62490 title FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-709.NASL description The Mozilla suite received following security updates (bnc#783533) : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards - MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards - MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks - MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain - MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks - MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation - MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator - MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks - MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins - MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties - MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash - MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer - MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer - MFSA 2012-87/CVE-2012-3990 (bmo#787704) last seen 2020-06-05 modified 2014-06-13 plugin id 74779 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74779 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1600-1.NASL description Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989) David Bloom and Jordi Chancel discovered that Firefox did not always properly handle the <select> element. A remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984) Collin Jackson discovered that Firefox did not properly follow the HTML5 specification for document.domain behavior. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution. (CVE-2012-3985) Johnny Stenback discovered that Firefox did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986) Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991) Mariusz Mlynski discovered a history state error in Firefox. A remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992) Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184) Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Firefox when using the Address Sanitizer tool. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62476 published 2012-10-10 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62476 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1600-1) NASL family Windows NASL id SEAMONKEY_213.NASL description The installed version of SeaMonkey is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983) - last seen 2020-06-01 modified 2020-06-02 plugin id 62583 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62583 title SeaMonkey < 2.13 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-201210-121015.NASL description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2013-01-25 plugin id 64133 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64133 title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951) NASL family Windows NASL id MOZILLA_THUNDERBIRD_160.NASL description The installed version of Thunderbird is earlier than 16.0 and thus, is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983) - last seen 2020-06-01 modified 2020-06-02 plugin id 62582 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62582 title Mozilla Thunderbird < 16.0 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_16_0.NASL description The installed version of Thunderbird is earlier than 16.0 and thus, is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983) - last seen 2020-06-01 modified 2020-06-02 plugin id 62578 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62578 title Mozilla Thunderbird < 16.0 Multiple Vulnerabilities (Mac OS X) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1611-1.NASL description Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989, CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the <select> element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984) Collin Jackson discovered that Thunderbird did not properly follow the HTML5 specification for document.domain behavior. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution. (CVE-2012-3985) Johnny Stenback discovered that Thunderbird did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986) Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page and had JavaScript enabled, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991) Mariusz Mlynski discovered a history state error in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992) Mariusz Mlynski and others discovered several flaws in Thunderbird that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit these to modify the contents, or steal confidential data, within the same domain. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184) Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Thunderbird when using the Address Sanitizer tool. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) It was discovered that Thunderbird allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. Under certain circumstances, a remote attacker could use this vulnerability to potentially execute arbitrary code as the user invoking the program. (CVE-2012-4192, CVE-2012-4193). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62548 published 2012-10-15 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62548 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1) NASL family SuSE Local Security Checks NASL id SUSE_FIREFOX-201210-8327.NASL description MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2012-10-17 plugin id 62573 published 2012-10-17 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62573 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)
Oval
accepted | 2014-10-06T04:01:49.633-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:16184 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2013-05-13T10:26:26.748+04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 37 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
- http://secunia.com/advisories/50856
- http://secunia.com/advisories/50892
- http://secunia.com/advisories/50904
- http://secunia.com/advisories/50935
- http://secunia.com/advisories/50984
- http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
- http://www.ubuntu.com/usn/USN-1611-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=575294
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16184