CVE-2012-5354

Mozilla Firefox < 16.0, Thunderbird < 16.0, and SeaMonkey < 2.13 - Clickjacking via SELECT Element Menus

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.

References (6)

Core 6
Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50935
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50856
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=726264
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/86171

Scores

EPSS 0.0168
EPSS Percentile 74.3%

Details

Status published
Products (3)
mozilla/firefox < 16.0
mozilla/seamonkey < 2.13
mozilla/thunderbird < 16.0
Published Oct 10, 2012
Tracked Since Feb 18, 2026