CVE-2012-3986medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
References
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://rhn.redhat.com/errata/RHSA-2012-1351.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50936
http://secunia.com/advisories/50984
http://secunia.com/advisories/51181
http://secunia.com/advisories/55318
http://www.debian.org/security/2012/dsa-2565
http://www.debian.org/security/2012/dsa-2569
http://www.debian.org/security/2012/dsa-2572
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.securityfocus.com/bid/55922
http://www.ubuntu.com/usn/USN-1611-1
https://bugzilla.mozilla.org/show_bug.cgi?id=775868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Configuration 4
OR
Configuration 5
OR
Configuration 6
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Configuration 7
OR
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83562 | SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1) | Nessus | SuSE Local Security Checks | critical |
| 74779 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1) | Nessus | SuSE Local Security Checks | critical |
| 68636 | Oracle Linux 6 : thunderbird (ELSA-2012-1351) | Nessus | Oracle Linux Local Security Checks | high |
| 68635 | Oracle Linux 5 / 6 : firefox (ELSA-2012-1350) | Nessus | Oracle Linux Local Security Checks | high |
| 64133 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 62805 | Debian DSA-2572-1 : iceape - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 62748 | Debian DSA-2569-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 62667 | Debian DSA-2565-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 62583 | SeaMonkey < 2.13 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62582 | Mozilla Thunderbird < 16.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62581 | Mozilla Thunderbird 10.0.x < 10.0.8 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62580 | Firefox < 16.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62579 | Firefox 10.0.x < 10.0.8 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62578 | Mozilla Thunderbird < 16.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62577 | Mozilla Thunderbird 10.0.x < 10.0.8 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62576 | Firefox < 16.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62575 | Firefox < 10.0.8 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62573 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327) | Nessus | SuSE Local Security Checks | critical |
| 801325 | Mozilla Firefox 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801323 | Mozilla Thunderbird 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801301 | Mozilla SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6604 | Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6603 | SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 6602 | Mozilla Firefox < 16.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 62548 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1) | Nessus | Ubuntu Local Security Checks | critical |
| 62493 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121009) | Nessus | Scientific Linux Local Security Checks | critical |
| 62492 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121009) | Nessus | Scientific Linux Local Security Checks | critical |
| 62490 | FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392) | Nessus | FreeBSD Local Security Checks | critical |
| 62485 | CentOS 5 / 6 : thunderbird (CESA-2012:1351) | Nessus | CentOS Local Security Checks | high |
| 62484 | CentOS 5 / 6 : firefox (CESA-2012:1350) | Nessus | CentOS Local Security Checks | high |
| 62476 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1600-1) | Nessus | Ubuntu Local Security Checks | critical |
| 62473 | RHEL 5 / 6 : thunderbird (RHSA-2012:1351) | Nessus | Red Hat Local Security Checks | high |
| 62472 | RHEL 5 / 6 : firefox (RHSA-2012:1350) | Nessus | Red Hat Local Security Checks | high |