CVE-2012-0458

medium

Description

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

References

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html

http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html

http://rhn.redhat.com/errata/RHSA-2012-0387.html

http://rhn.redhat.com/errata/RHSA-2012-0388.html

http://secunia.com/advisories/48359

http://secunia.com/advisories/48402

http://secunia.com/advisories/48414

http://secunia.com/advisories/48495

http://secunia.com/advisories/48496

http://secunia.com/advisories/48513

http://secunia.com/advisories/48553

http://secunia.com/advisories/48561

http://secunia.com/advisories/48624

http://secunia.com/advisories/48629

http://secunia.com/advisories/48823

http://secunia.com/advisories/48920

http://www.debian.org/security/2012/dsa-2433

http://www.debian.org/security/2012/dsa-2458

http://www.mandriva.com/security/advisories?name=MDVSA-2012:031

http://www.mandriva.com/security/advisories?name=MDVSA-2012:032

http://www.mozilla.org/security/announce/2012/mfsa2012-16.html

http://www.securityfocus.com/bid/52460

http://www.securitytracker.com/id?1026801

http://www.securitytracker.com/id?1026803

http://www.securitytracker.com/id?1026804

http://www.ubuntu.com/usn/USN-1400-1

http://www.ubuntu.com/usn/USN-1400-2

http://www.ubuntu.com/usn/USN-1400-3

http://www.ubuntu.com/usn/USN-1400-4

http://www.ubuntu.com/usn/USN-1400-5

http://www.ubuntu.com/usn/USN-1401-1

https://bugzilla.mozilla.org/show_bug.cgi?id=718203

https://bugzilla.mozilla.org/show_bug.cgi?id=719994

https://bugzilla.mozilla.org/show_bug.cgi?id=723808

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122

Details

Source: MITRE

Published: 2012-03-14

Updated: 2018-01-18

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.6.27 (inclusive)

Configuration 2

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 10.0 (inclusive)

Configuration 3

OR

cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from 1.0 to 3.1.19 (inclusive)

Configuration 5

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 10.0 (inclusive)

Configuration 6

OR

cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
80785 | Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4) | Nessus | Solaris Local Security Checks | high
80606 | Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox_web) | Nessus | Solaris Local Security Checks | high
74574 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1) | Nessus | SuSE Local Security Checks | high
68496 | Oracle Linux 6 : thunderbird (ELSA-2012-0388) | Nessus | Oracle Linux Local Security Checks | high
68495 | Oracle Linux 5 / 6 : firefox (ELSA-2012-0387) | Nessus | Oracle Linux Local Security Checks | high
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
61283 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120314) | Nessus | Scientific Linux Local Security Checks | high
61282 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120314) | Nessus | Scientific Linux Local Security Checks | high
58855 | Debian DSA-2458-2 : iceape - several vulnerabilities | Nessus | Debian Local Security Checks | critical
58807 | Ubuntu 11.04 : gsettings-desktop-schemas regression (USN-1400-5) | Nessus | Ubuntu Local Security Checks | high
58771 | Mandriva Linux Security Advisory : mozilla (MDVSA-2012:032-1) | Nessus | Mandriva Local Security Checks | high
58589 | Ubuntu 11.10 : thunderbird regressions (USN-1400-4) | Nessus | Ubuntu Local Security Checks | high
58525 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8029) | Nessus | SuSE Local Security Checks | high
58524 | SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6007) | Nessus | SuSE Local Security Checks | high
58481 | Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2) | Nessus | Ubuntu Local Security Checks | high
58425 | Ubuntu 11.10 : thunderbird vulnerabilities (USN-1400-3) | Nessus | Ubuntu Local Security Checks | high
58417 | Debian DSA-2437-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | high
58397 | Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1401-1) | Nessus | Ubuntu Local Security Checks | high
58384 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ubufox update (USN-1400-2) | Nessus | Ubuntu Local Security Checks | high
58383 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1400-1) | Nessus | Ubuntu Local Security Checks | high
801378 | Mozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801370 | Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801364 | Mozilla Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6353 | Mozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high
6352 | Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high
6351 | Mozilla Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
58357 | Debian DSA-2433-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | high
801337 | Mozilla SeaMonkey 2.x < 2.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801284 | Mozilla Firefox 10.x < 10.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6354 | SeaMonkey 2.x < 2.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
6350 | Mozilla Firefox ESR 10.x < 10.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
58356 | Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58355 | Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58354 | Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58353 | Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58352 | SeaMonkey < 2.8.0 Multiple Vulnerabilities | Nessus | Windows | high
58351 | Mozilla Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities | Nessus | Windows | high
58350 | Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities | Nessus | Windows | high
58349 | Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities | Nessus | Windows | high
58348 | Firefox 10.0.x < 10.0.3 Multiple Vulnerabilities | Nessus | Windows | high
58347 | FreeBSD : mozilla -- multiple vulnerabilities (a1050b8b-6db3-11e1-8b37-0011856a6e37) | Nessus | FreeBSD Local Security Checks | high
58345 | CentOS 5 / 6 : thunderbird (CESA-2012:0388) | Nessus | CentOS Local Security Checks | high
58344 | CentOS 5 / 6 : firefox (CESA-2012:0387) | Nessus | CentOS Local Security Checks | high
58339 | RHEL 5 / 6 : thunderbird (RHSA-2012:0388) | Nessus | Red Hat Local Security Checks | high
58338 | RHEL 5 / 6 : firefox (RHSA-2012:0387) | Nessus | Red Hat Local Security Checks | high