CVE-2012-5354
medium
CVSS v3: —
CVSS v2: 6.8
VIR risk: 6.8
Description
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=726264
Vendor advisory: cve@mitre.org — http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | before 16.0 | 16.0 |
| mozilla | seamonkey | before 2.13 | 2.13 |
| mozilla | thunderbird | before 16.0 | 16.0 |
References
- http://osvdb.org/86171
- http://secunia.com/advisories/50856
- http://secunia.com/advisories/50935
- http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=726264
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16972