CVE-2012-5354
Mozilla Firefox < 16.0, Thunderbird < 16.0, and SeaMonkey < 2.13 - Clickjacking via SELECT Element Menus
Title source: llmDescription
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
References (6)
Core 6
Core References
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50935
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50856
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16972
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=726264
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/86171
Scores
EPSS
0.0168
EPSS Percentile
74.3%
Details
Status
published
Products (3)
mozilla/firefox
< 16.0
mozilla/seamonkey
< 2.13
mozilla/thunderbird
< 16.0
Published
Oct 10, 2012
Tracked Since
Feb 18, 2026