CVE-2012-3985medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
References
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50984
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
http://www.ubuntu.com/usn/USN-1611-1
https://bugzilla.mozilla.org/show_bug.cgi?id=655649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16108
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83562 | SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1) | Nessus | SuSE Local Security Checks | critical |
| 74779 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1) | Nessus | SuSE Local Security Checks | critical |
| 64133 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 62583 | SeaMonkey < 2.13 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62582 | Mozilla Thunderbird < 16.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62580 | Firefox < 16.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62578 | Mozilla Thunderbird < 16.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62576 | Firefox < 16.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62573 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327) | Nessus | SuSE Local Security Checks | critical |
| 801325 | Mozilla Firefox 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801323 | Mozilla Thunderbird 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801301 | Mozilla SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6604 | Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6603 | SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 6602 | Mozilla Firefox < 16.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 62548 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1) | Nessus | Ubuntu Local Security Checks | critical |
| 62490 | FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392) | Nessus | FreeBSD Local Security Checks | critical |
| 62476 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1600-1) | Nessus | Ubuntu Local Security Checks | critical |