CVE-2012-1967

HIGH

Description

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.

ID	Name	Product	Family	Severity
80787	Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird7)	Nessus	Solaris Local Security Checks	critical
74698	openSUSE Security Update : seamonkey (openSUSE-SU-2012:0935-1)	Nessus	SuSE Local Security Checks	critical
74693	openSUSE Security Update : xulrunner (openSUSE-SU-2012:0924-1)	Nessus	SuSE Local Security Checks	critical
74691	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:0917-1)	Nessus	SuSE Local Security Checks	critical
74687	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0899-1)	Nessus	SuSE Local Security Checks	critical
68579	Oracle Linux 6 : thunderbird (ELSA-2012-1089)	Nessus	Oracle Linux Local Security Checks	critical
68578	Oracle Linux 5 / 6 : firefox (ELSA-2012-1088)	Nessus	Oracle Linux Local Security Checks	critical
64131	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6574)	Nessus	SuSE Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
61963	Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)	Nessus	Mandriva Local Security Checks	critical
61537	Debian DSA-2528-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
61402	FreeBSD : mozilla -- multiple vulnerabilities (dbf338d0-dce5-11e1-b655-14dae9ebcf89)	Nessus	FreeBSD Local Security Checks	critical
61367	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
61364	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
801366	Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801282	Mozilla Firefox 13.x < 13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
60092	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8226)	Nessus	SuSE Local Security Checks	critical
6521	SeaMonkey 2.x < 2.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6520	Mozilla Thunderbird < 14.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6519	Mozilla Firefox < 14.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
60046	SeaMonkey < 2.11.0 Multiple Vulnerabilities	Nessus	Windows	critical
60045	Mozilla Thunderbird < 14.0 Multiple Vulnerabilities	Nessus	Windows	critical
60044	Mozilla Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities	Nessus	Windows	critical
60043	Firefox < 14.0 Multiple Vulnerabilities	Nessus	Windows	critical
60042	Firefox 10.0.x < 10.0.6 Multiple Vulnerabilities	Nessus	Windows	critical
60041	Thunderbird < 14.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
60040	Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
60039	Firefox < 14.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
60038	Firefox < 10.0.6 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
60014	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)	Nessus	Ubuntu Local Security Checks	critical
60013	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ubufox update (USN-1509-2)	Nessus	Ubuntu Local Security Checks	critical
60012	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1509-1)	Nessus	Ubuntu Local Security Checks	critical
60009	RHEL 5 / 6 : thunderbird (RHSA-2012:1089)	Nessus	Red Hat Local Security Checks	critical
60008	RHEL 5 / 6 : firefox (RHSA-2012:1088)	Nessus	Red Hat Local Security Checks	critical
60005	Debian DSA-2514-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
60004	Debian DSA-2513-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
59999	CentOS 5 / 6 : thunderbird (CESA-2012:1089)	Nessus	CentOS Local Security Checks	critical
59998	CentOS 5 / 6 : firefox (CESA-2012:1088)	Nessus	CentOS Local Security Checks	critical

CVE-2012-1967

Description

References

Details

Risk Information

CVSS v2.0