CVE-2012-3976

Firefox < 15.0 and SeaMonkey < 2.12 - Certificate Spoofing via onLocationChange Event

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

References (11)

Core 11
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=768568
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1548-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1548-2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1210.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55313
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html

Scores

EPSS 0.0078
EPSS Percentile 73.8%

Details

CWE
CWE-200
Status published
Products (20)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
mozilla/firefox < 15.0
mozilla/seamonkey < 2.12
opensuse/opensuse 12.2
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.3
... and 10 more
Published Aug 29, 2012
Tracked Since Feb 18, 2026