http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/

http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html

SUSE-SU-2012:1351

http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312

http://www.ekoparty.org/2012/thai-duong.php

http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091

http://www.theregister.co.uk/2012/09/14/crime_tls_attack/

https://bugzilla.redhat.com/show_bug.cgi?id=857737

https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header. The SPDY protocol 3, and earlier, is used in Mozilla Firefox, Google Chrome, and other products. (CVE-2012-4930)

Impact

Connections to virtual servers configured with the SPDY profile may be at risk.

Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues :

  - Security researchers Thai Duong and Juliano Rizzo     reported that SPDY's request header compression leads to     information leakage, which can allow the extraction of     private data such as session cookies, even over an     encrypted SSL connection. (This does not affect Firefox     10 as it does not feature the SPDY extension. It was     silently fixed for Firefox 15.). (MFSA 2012-73 /     CVE-2012-3977)

  - Mozilla developers identified and fixed several memory     safety bugs in the browser engine used in Firefox and     other Mozilla-based products. Some of these bugs showed     evidence of memory corruption under certain     circumstances, and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. (MFSA 2012-74)

    In general these flaws cannot be exploited through email     in the Thunderbird and SeaMonkey products because     scripting is disabled, but are potentially a risk in     browser or browser-like contexts in those products.

  - Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported     memory safety problems and crashes that affect Firefox     15. (CVE-2012-3983)

  - Christian Holler and Jesse Ruderman reported memory     safety problems and crashes that affect Firefox ESR 10     and Firefox 15. (CVE-2012-3982)

  - Security researcher David Bloom of Cue discovered that     'select' elements are always-on-top chromeless windows     and that navigation away from a page with an active     'select' menu does not remove this window.When another     menu is opened programmatically on a new page, the     original 'select' menu can be retained and arbitrary     HTML content within it rendered, allowing an attacker to     cover arbitrary portions of the new page through     absolute positioning/scrolling, leading to spoofing     attacks. Security researcher Jordi Chancel found a     variation that would allow for click-jacking attacks was     well. (MFSA 2012-75 / CVE-2012-3984)

    In general these flaws cannot be exploited through email     in the Thunderbird and SeaMonkey products because     scripting is disabled, but are potentially a risk in     browser or browser-like contexts in those products.
    References

    Navigation away from a page with an active 'select'     dropdown menu can be used for URL spoofing, other evil

    Firefox 10.0.1 : Navigation away from a page with     multiple active 'select' dropdown menu can be used for     Spoofing And ClickJacking with XPI using window.open and     geolocalisation

  - Security researcher Collin Jackson reported a violation     of the HTML5 specifications for document.domain     behavior. Specified behavior requires pages to only have     access to windows in a new document.domain but the     observed violation allowed pages to retain access to     windows from the page's initial origin in addition to     the new document.domain. This could potentially lead to     cross-site scripting (XSS) attacks. (MFSA 2012-76 /     CVE-2012-3985)

  - Mozilla developer Johnny Stenback discovered that     several methods of a feature used for testing     (DOMWindowUtils) are not protected by existing security     checks, allowing these methods to be called through     script by web pages. This was addressed by adding the     existing security checks to these methods. (MFSA 2012-77     / CVE-2012-3986)

  - Security researcher Warren He reported that when a page     is transitioned into Reader Mode in Firefox for Android,     the resulting page has chrome privileges and its content     is not thoroughly sanitized. A successful attack     requires user enabling of reader mode for a malicious     page, which could then perform an attack similar to     cross-site scripting (XSS) to gain the privileges     allowed to Firefox on an Android device. This has been     fixed by changing the Reader Mode page into an     unprivileged page. (MFSA 2012-78 / CVE-2012-3987)

    This vulnerability only affects Firefox for Android.

  - Security researcher Soroush Dalili reported that a     combination of invoking full screen mode and navigating     backwards in history could, in some circumstances, cause     a hang or crash due to a timing dependent use-after-free     pointer reference. This crash may be potentially     exploitable. (MFSA 2012-79 / CVE-2012-3988)

  - Mozilla community member Ms2ger reported a crash due to     an invalid cast when using the instanceof operator on     certain types of JavaScript objects. This can lead to a     potentially exploitable crash. (MFSA 2012-80 /     CVE-2012-3989)

  - Mozilla community member Alice White reported that when     the GetProperty function is invoked through JSAPI,     security checking can be bypassed when getting     cross-origin properties. This potentially allowed for     arbitrary code execution. (MFSA 2012-81 / CVE-2012-3991)

  - Security researcher Mariusz Mlynski reported that the     location property can be accessed by binary plugins     through top.location and top can be shadowed by     Object.defineProperty as well. This can allow for     possible cross-site scripting (XSS) attacks through     plugins. (MFSA 2012-82 / CVE-2012-3994)

  - Security researcher Mariusz Mlynski reported that when     InstallTrigger fails, it throws an error wrapped in a     Chrome Object Wrapper (COW) that fails to specify     exposed properties. These can then be added to the     resulting object by an attacker, allowing access to     chrome privileged functions through script. (MFSA     2012-83)

    While investigating this issue, Mozilla security     researcher moz_bug_r_a4 found that COW did not disallow     accessing of properties from a standard prototype in     some situations, even when the original issue had been     fixed.

    These issues could allow for a cross-site scripting     (XSS) attack or arbitrary code execution.

  - XrayWrapper pollution via unsafe COW. (CVE-2012-3993)

  - ChromeObjectWrapper is not implemented as intended.
    (CVE-2012-4184)

  - Security researcher Mariusz Mlynski reported an issue     with spoofing of the location property. In this issue,     writes to location.hash can be used in concert with     scripted history navigation to cause a specific website     to be loaded into the history object. The baseURI can     then be changed to this stored site, allowing an     attacker to inject a script or intercept posted data     posted to a location specified with a relative path.
    (MFSA 2012-84 / CVE-2012-3992)

  - Security researcher Abhishek Arya (Inferno) of the     Google Chrome Security Team discovered a series of     use-after-free, buffer overflow, and out of bounds read     issues using the Address Sanitizer tool in shipped     software. These issues are potentially exploitable,     allowing for remote code execution. We would also like     to thank Abhishek for reporting two additional     use-after-free flaws introduced during Firefox 16     development and fixed before general release. (MFSA     2012-85)

  - Out of bounds read in IsCSSWordSpacingSpace.
    (CVE-2012-3995)

  - Heap-use-after-free in     nsHTMLCSSUtils::CreateCSSPropertyTxn. (CVE-2012-4179)

  - Heap-buffer-overflow in     nsHTMLEditor::IsPrevCharInNodeWhitespace.
    (CVE-2012-4180)

  - Heap-use-after-free in     nsSMILAnimationController::DoSample. (CVE-2012-4181)

  - Heap-use-after-free in nsTextEditRules::WillInsert.
    (CVE-2012-4182)

  - Heap-use-after-free in DOMSVGTests::GetRequiredFeatures.
    (CVE-2012-4183)

  - Security researcher Atte Kettunen from OUSPG reported     several heap memory corruption issues found using the     Address Sanitizer tool. These issues are potentially     exploitable, allowing for remote code execution. (MFSA     2012-86)

  - Global-buffer-overflow in nsCharTraits::length.
    (CVE-2012-4185)

  - Heap-buffer-overflow in nsWaveReader::DecodeAudioData.
    (CVE-2012-4186)

  - Crash with ASSERTION: insPos too small. (CVE-2012-4187)

  - Heap-buffer-overflow in Convolve3x3. (CVE-2012-4188)

  - Security researcher miaubiz used the Address Sanitizer     tool to discover a use-after-free in the IME State     Manager code. This could lead to a potentially     exploitable crash. (MFSA 2012-87 / CVE-2012-3990)

  - Mozilla security researcher moz_bug_r_a4 reported a     regression where security wrappers are unwrapped without     doing a security check in defaultValue(). This can allow     for improper access access to the Location object. In     versions 15 and earlier of affected products, there was     also the potential for arbitrary code execution. (MFSA     2012-89 / CVE-2012-4192 / CVE-2012-4193)

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,       Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information,       bypass restrictions and protection mechanisms, force file downloads,       conduct XML injection attacks, conduct XSS attacks, bypass the Same       Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical       scroll, spoof the location bar, spoof an SSL indicator, modify the       browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified       impact.
    A local attacker could gain escalated privileges, obtain sensitive       information, or replace an arbitrary downloaded file.
  Workaround :

    There is no known workaround at this time.

MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues :

  - Security researchers Thai Duong and Juliano Rizzo     reported that SPDY's request header compression leads to     information leakage, which can allow the extraction of     private data such as session cookies, even over an     encrypted SSL connection. (This does not affect Firefox     10 as it does not feature the SPDY extension. It was     silently fixed for Firefox 15.). (MFSA 2012-73 /     CVE-2012-3977)

  - Mozilla developers identified and fixed several memory     safety bugs in the browser engine used in Firefox and     other Mozilla-based products. Some of these bugs showed     evidence of memory corruption under certain     circumstances, and we presume that with enough effort at     least some of these could be exploited to run arbitrary     code. (MFSA 2012-74)

    In general these flaws cannot be exploited through email     in the Thunderbird and SeaMonkey products because     scripting is disabled, but are potentially a risk in     browser or browser-like contexts in those products.

  - Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported     memory safety problems and crashes that affect Firefox     15. (CVE-2012-3983)

  - Christian Holler and Jesse Ruderman reported memory     safety problems and crashes that affect Firefox ESR 10     and Firefox 15. (CVE-2012-3982)

  - Security researcher David Bloom of Cue discovered that     'select' elements are always-on-top chromeless windows     and that navigation away from a page with an active     'select' menu does not remove this window.When another     menu is opened programmatically on a new page, the     original 'select' menu can be retained and arbitrary     HTML content within it rendered, allowing an attacker to     cover arbitrary portions of the new page through     absolute positioning/scrolling, leading to spoofing     attacks. Security researcher Jordi Chancel found a     variation that would allow for click-jacking attacks was     well. (MFSA 2012-75 / CVE-2012-3984)

    In general these flaws cannot be exploited through email     in the Thunderbird and SeaMonkey products because     scripting is disabled, but are potentially a risk in     browser or browser-like contexts in those products.
    References

    Navigation away from a page with an active 'select'     dropdown menu can be used for URL spoofing, other evil

    Firefox 10.0.1 : Navigation away from a page with     multiple active 'select' dropdown menu can be used for     Spoofing And ClickJacking with XPI using window.open and     geolocalisation

  - Security researcher Collin Jackson reported a violation     of the HTML5 specifications for document.domain     behavior. Specified behavior requires pages to only have     access to windows in a new document.domain but the     observed violation allowed pages to retain access to     windows from the page's initial origin in addition to     the new document.domain. This could potentially lead to     cross-site scripting (XSS) attacks. (MFSA 2012-76 /     CVE-2012-3985)

  - Mozilla developer Johnny Stenback discovered that     several methods of a feature used for testing     (DOMWindowUtils) are not protected by existing security     checks, allowing these methods to be called through     script by web pages. This was addressed by adding the     existing security checks to these methods. (MFSA 2012-77     / CVE-2012-3986)

  - Security researcher Warren He reported that when a page     is transitioned into Reader Mode in Firefox for Android,     the resulting page has chrome privileges and its content     is not thoroughly sanitized. A successful attack     requires user enabling of reader mode for a malicious     page, which could then perform an attack similar to     cross-site scripting (XSS) to gain the privileges     allowed to Firefox on an Android device. This has been     fixed by changing the Reader Mode page into an     unprivileged page. (MFSA 2012-78 / CVE-2012-3987)

    This vulnerability only affects Firefox for Android.

  - Security researcher Soroush Dalili reported that a     combination of invoking full screen mode and navigating     backwards in history could, in some circumstances, cause     a hang or crash due to a timing dependent use-after-free     pointer reference. This crash may be potentially     exploitable. (MFSA 2012-79 / CVE-2012-3988)

  - Mozilla community member Ms2ger reported a crash due to     an invalid cast when using the instanceof operator on     certain types of JavaScript objects. This can lead to a     potentially exploitable crash. (MFSA 2012-80 /     CVE-2012-3989)

  - Mozilla community member Alice White reported that when     the GetProperty function is invoked through JSAPI,     security checking can be bypassed when getting     cross-origin properties. This potentially allowed for     arbitrary code execution. (MFSA 2012-81 / CVE-2012-3991)

  - Security researcher Mariusz Mlynski reported that the     location property can be accessed by binary plugins     through top.location and top can be shadowed by     Object.defineProperty as well. This can allow for     possible cross-site scripting (XSS) attacks through     plugins. (MFSA 2012-82 / CVE-2012-3994)

  - Security researcher Mariusz Mlynski reported that when     InstallTrigger fails, it throws an error wrapped in a     Chrome Object Wrapper (COW) that fails to specify     exposed properties. These can then be added to the     resulting object by an attacker, allowing access to     chrome privileged functions through script. (MFSA     2012-83)

    While investigating this issue, Mozilla security     researcher moz_bug_r_a4 found that COW did not disallow     accessing of properties from a standard prototype in     some situations, even when the original issue had been     fixed.

    These issues could allow for a cross-site scripting     (XSS) attack or arbitrary code execution.

  - XrayWrapper pollution via unsafe COW. (CVE-2012-3993)

  - ChromeObjectWrapper is not implemented as intended.
    (CVE-2012-4184)

  - Security researcher Mariusz Mlynski reported an issue     with spoofing of the location property. In this issue,     writes to location.hash can be used in concert with     scripted history navigation to cause a specific website     to be loaded into the history object. The baseURI can     then be changed to this stored site, allowing an     attacker to inject a script or intercept posted data     posted to a location specified with a relative path.
    (MFSA 2012-84 / CVE-2012-3992)

  - Security researcher Abhishek Arya (Inferno) of the     Google Chrome Security Team discovered a series of     use-after-free, buffer overflow, and out of bounds read     issues using the Address Sanitizer tool in shipped     software. These issues are potentially exploitable,     allowing for remote code execution. We would also like     to thank Abhishek for reporting two additional     use-after-free flaws introduced during Firefox 16     development and fixed before general release. (MFSA     2012-85)

  - Out of bounds read in IsCSSWordSpacingSpace.
    (CVE-2012-3995)

  - Heap-use-after-free in     nsHTMLCSSUtils::CreateCSSPropertyTxn. (CVE-2012-4179)

  - Heap-buffer-overflow in     nsHTMLEditor::IsPrevCharInNodeWhitespace.
    (CVE-2012-4180)

  - Heap-use-after-free in     nsSMILAnimationController::DoSample. (CVE-2012-4181)

  - Heap-use-after-free in nsTextEditRules::WillInsert.
    (CVE-2012-4182)

  - Heap-use-after-free in DOMSVGTests::GetRequiredFeatures.
    (CVE-2012-4183)

  - Security researcher Atte Kettunen from OUSPG reported     several heap memory corruption issues found using the     Address Sanitizer tool. These issues are potentially     exploitable, allowing for remote code execution. (MFSA     2012-86)

  - Global-buffer-overflow in nsCharTraits::length.
    (CVE-2012-4185)

  - Heap-buffer-overflow in nsWaveReader::DecodeAudioData.
    (CVE-2012-4186)

  - Crash with ASSERTION: insPos too small. (CVE-2012-4187)

  - Heap-buffer-overflow in Convolve3x3. (CVE-2012-4188)

  - Security researcher miaubiz used the Address Sanitizer     tool to discover a use-after-free in the IME State     Manager code. This could lead to a potentially     exploitable crash. (MFSA 2012-87 / CVE-2012-3990)

  - Mozilla security researcher moz_bug_r_a4 reported a     regression where security wrappers are unwrapped without     doing a security check in defaultValue(). This can allow     for improper access access to the Location object. In     versions 15 and earlier of affected products, there was     also the potential for arbitrary code execution. (MFSA     2012-89 / CVE-2012-4192 / CVE-2012-4193)

The remote service has one of two configurations that are known to be required for the CRIME attack :

  - SSL / TLS compression is enabled.

  - TLS advertises the SPDY protocol earlier than version 4.

Note that Nessus did not attempt to launch the CRIME attack against the remote service.

Versions of SeaMonkey 2.x earlier than 2.12 are potentially affected by the following security issues :

  - An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. (CVE-2012-1956)

  - Unspecified memory safety issues exist. (CVE-2012-1970, CVE-2012-1971)

  - Multiple use-after-free errors exist. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

  - An error exists related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory corruption, causing application crashes and potentially arbitrary code execution. (CVE-2012-3966)

  - A use-after-free error exists related to WebGL shaders. (CVE-2012-3968)

  - A buffer overflow exists related to SVG filters. (CVE-2012-3969)

  - A use-after-free error exists related to elements having 'requiredFeatures' attributes. (CVE-2012-3970)

  - A 'Graphite 2' library memory corruption error exists. (CVE-2012-3971)

  - An XSLT out-of-bounds read error exists related to 'format-number'. (CVE-2012-3972)

  - The DOM parser can unintentionally load linked resources in extensions. (CVE-2012-3975)

  - Incorrect SSL certificate information can be displayed in the address bar when two 'onLocationChange' events fire out of order. (CVE-2012-3976)

  - Security checks related to location objects can be bypassed if crafted calls are made to the browser chrome code. (CVE-2012-3978)

The installed version of SeaMonkey is earlier than 2.12.0. Such versions are potentially affected by the following security issues :

  - An error exists related to 'Object.defineProperty'     and the location object that could allow cross-site     scripting attacks. (CVE-2012-1956)

  - Unspecified memory safety issues exist. (CVE-2012-1970,     CVE-2012-1971)

  - Multiple use-after-free errors exist. (CVE-2012-1972,     CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,     CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,     CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,     CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,     CVE-2012-3964)

  - An error exists related to bitmap (BMP) and icon (ICO)     file decoding that can lead to memory corruption,     causing application crashes and potentially arbitrary     code execution. (CVE-2012-3966)

  - A use-after-free error exists related to WebGL shaders.
    (CVE-2012-3968)

  - A buffer overflow exists related to SVG filters.
    (CVE-2012-3969)

  - A use-after-free error exists related to elements     having 'requiredFeatures' attributes. (CVE-2012-3970)

  - A 'Graphite 2' library memory corruption error exists.
    (CVE-2012-3971)

  - An XSLT out-of-bounds read error exists related to     'format-number'. (CVE-2012-3972)

  - The DOM parser can unintentionally load linked     resources in extensions. (CVE-2012-3975)

  - Incorrect SSL certificate information can be displayed     in the address bar when two 'onLocationChange' events     fire out of order. (CVE-2012-3976)

  - Security checks related to location objects can be     bypassed if crafted calls are made to the browser     chrome code. (CVE-2012-3978)

  - SPDY's request header compression leads to information     leakage, which can allow private data such as session     cookies to be extracted, even over an SSL connection.
    (CVE-2012-4930)

The installed version of Firefox is earlier than 15.0 and thus, is potentially affected by the following security issues :

  - An error exists related to 'Object.defineProperty'     and the location object and  can allow cross-site     scripting attacks. (CVE-2012-1956)

  - Unspecified memory safety issues exist. (CVE-2012-1970,     CVE-2012-1971)

  - Multiple use-after-free errors exist. (CVE-2012-1972,     CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,     CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,     CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,     CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,     CVE-2012-3964)

  - An error exists related to 'about:newtab' and the     browser's history. This error can allow a newly opened     tab to further open a new window and navigate to the     privileged 'about:newtab' page leading to possible     privilege escalation. (CVE-2012-3965)

  - An error exists related to bitmap (BMP) and icon (ICO)     file decoding that can lead to memory corruption     causing application crashes and potentially arbitrary     code execution. (CVE-2012-3966)

  - A use-after-free error exists related to WebGL shaders.
    (CVE-2012-3968)

  - A buffer overflow exists related to SVG filters.
    (CVE-2012-3969)

  - A use-after-free error exists related to elements     having 'requiredFeatures' attributes. (CVE-2012-3970)

  - A 'Graphite 2' library memory corruption error exists.
    (CVE-2012-3971)

  - An XSLT out-of-bounds read error exists related to     'format-number'. (CVE-2012-3972)

  - Remote debugging is possible even when disabled and the     'HTTPMonitor' extension is enabled. (CVE-2012-3973)

  - The installer can be ticked into running unauthorized     executables. (CVE-2012-3974)

  - The DOM parser can unintentionally load linked     resources in extensions. (CVE-2012-3975)

  - Incorrect SSL certificate information can be displayed     in the address bar when two 'onLocationChange' events     fire out of order. (CVE-2012-3976)

  - Security checks related to location objects can be     bypassed if crafted calls are made to the browser     chrome code. (CVE-2012-3978)

  - Calling 'eval' in the web console can allow injected     code to be executed with browser chrome privileges.
    (CVE-2012-3980)

  - SPDY's request header compression leads to information     leakage, which can allow private data such as session     cookies to be extracted, even over an SSL connection.
    (CVE-2012-4930)

The installed version of Firefox is earlier than 15.0 and thus, is potentially affected by the following security issues :

  - An error exists related to 'Object.defineProperty'     and the location object that could allow cross-site     scripting attacks. (CVE-2012-1956)

  - Unspecified memory safety issues exist. (CVE-2012-1970,     CVE-2012-1971)

  - Multiple use-after-free errors exist. (CVE-2012-1972,     CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,     CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,     CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,     CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,     CVE-2012-3964)

  - An error exists related to 'about:newtab' and the     browser's history. This error can allow a newly opened     tab to further open a new window and navigate to the     privileged 'about:newtab' page leading to possible     privilege escalation. (CVE-2012-3965)

  - An error exists related to bitmap (BMP) and icon (ICO)     file decoding that can lead to memory corruption     causing application crashes and potentially arbitrary     code execution. (CVE-2012-3966)

  - A use-after-free error exists related to WebGL shaders.
    (CVE-2012-3968)

  - A buffer overflow exists related to SVG filters.
    (CVE-2012-3969)

  - A use-after-free error exists related to elements     having 'requiredFeatures' attributes. (CVE-2012-3970)

  - A 'Graphite 2' library memory corruption error exists.
    (CVE-2012-3971)

  - An XSLT out-of-bounds read error exists related to     'format-number'. (CVE-2012-3972)

  - Remote debugging is possible even when disabled and the     'HTTPMonitor' extension is enabled. (CVE-2012-3973)

  - The DOM parser can unintentionally load linked     resources in extensions. (CVE-2012-3975)

  - Incorrect SSL certificate information can be displayed     in the address bar when two 'onLocationChange' events     fire out of order. (CVE-2012-3976)

  - Security checks related to location objects can be     bypassed if crafted calls are made to the browser     chrome code. (CVE-2012-3978)

  - Calling 'eval' in the web console can allow injected     code to be executed with browser chrome privileges.
    (CVE-2012-3980)

  - SPDY's request header compression leads to information     leakage, which can allow private data such as session     cookies to be extracted, even over an SSL connection.
    (CVE-2012-4930)

ID	Name	Product	Family	Severity
88431	F5 Networks BIG-IP : CRIME vulnerability via the SPDY protocol (K14059)	Nessus	F5 Networks Local Security Checks	low
64133	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951)	Nessus	SuSE Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
62573	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)	Nessus	SuSE Local Security Checks	critical
62565	Transport Layer Security (TLS) Protocol CRIME Vulnerability	Nessus	General	low
801356	Mozilla SeaMonkey 2.x < 2.12 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6561	SeaMonkey 2.x < 2.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
61718	SeaMonkey < 2.12.0 Multiple Vulnerabilities	Nessus	Windows	critical
61715	Firefox < 15.0 Multiple Vulnerabilities	Nessus	Windows	critical
61711	Firefox < 15.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical

CVE-2012-4930

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins