CVE-2012-3992

Mozilla Firefox < 16.0 - Cross-Site Scripting via History Navigation

Title source: llm

Description

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.

References (15)

Core 15

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50904

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50984

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50935

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2012/mfsa2012-84.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50856

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16987

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50892

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56128

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-1351.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50936

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55318

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2012:163

Issue Tracking, Vendor Advisory x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=775009

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1611-1

Scores

EPSS 0.0114

EPSS Percentile 78.6%

Details

CWE

CWE-79

Status published

Products (20)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

canonical/ubuntu_linux 12.04

mozilla/firefox < 10.0.8

mozilla/seamonkey < 2.13

mozilla/thunderbird < 16.0

mozilla/thunderbird_esr < 10.0.8

redhat/enterprise_linux_desktop 5.0

redhat/enterprise_linux_desktop 6.0

... and 10 more

Published Oct 10, 2012

Tracked Since Feb 18, 2026