Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-0460
HistoryMar 14, 2012 - 7:55 p.m.

CVE-2012-0460

2012-03-1419:55:02
CWE-264
[email protected]
web.nvd.nist.gov
48
mozilla firefox
thunderbird
window.fullscreen
write access
spoofing
cve-2012-0460
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.

Affected configurations

NVD
Node
mozillafirefoxMatch4.0
OR
mozillafirefoxMatch4.0beta1
OR
mozillafirefoxMatch4.0beta10
OR
mozillafirefoxMatch4.0beta11
OR
mozillafirefoxMatch4.0beta12
OR
mozillafirefoxMatch4.0beta2
OR
mozillafirefoxMatch4.0beta3
OR
mozillafirefoxMatch4.0beta4
OR
mozillafirefoxMatch4.0beta5
OR
mozillafirefoxMatch4.0beta6
OR
mozillafirefoxMatch4.0beta7
OR
mozillafirefoxMatch4.0beta8
OR
mozillafirefoxMatch4.0beta9
OR
mozillafirefoxMatch4.0.1
OR
mozillafirefoxMatch5.0
OR
mozillafirefoxMatch5.0.1
OR
mozillafirefoxMatch6.0
OR
mozillafirefoxMatch6.0.1
OR
mozillafirefoxMatch6.0.2
OR
mozillafirefoxMatch7.0
OR
mozillafirefoxMatch7.0.1
OR
mozillafirefoxMatch8.0
OR
mozillafirefoxMatch8.0.1
OR
mozillafirefoxMatch9.0
OR
mozillafirefoxMatch9.0.1
Node
mozillafirefox_esrMatch10.0
OR
mozillafirefox_esrMatch10.1
OR
mozillafirefox_esrMatch10.2
Node
mozillathunderbirdMatch5.0
OR
mozillathunderbirdMatch6.0
OR
mozillathunderbirdMatch6.0.1
OR
mozillathunderbirdMatch6.0.2
OR
mozillathunderbirdMatch7.0
OR
mozillathunderbirdMatch7.0.1
OR
mozillathunderbirdMatch8.0
OR
mozillathunderbirdMatch9.0
OR
mozillathunderbirdMatch9.0.1
Node
mozillathunderbird_esrMatch10.0
OR
mozillathunderbird_esrMatch10.0.1
OR
mozillathunderbird_esrMatch10.0.2
Node
mozillaseamonkeyRange2.7beta5
OR
mozillaseamonkeyMatch1.0
OR
mozillaseamonkeyMatch1.0alpha
OR
mozillaseamonkeyMatch1.0beta
OR
mozillaseamonkeyMatch1.0.1
OR
mozillaseamonkeyMatch1.0.2
OR
mozillaseamonkeyMatch1.0.3
OR
mozillaseamonkeyMatch1.0.4
OR
mozillaseamonkeyMatch1.0.5
OR
mozillaseamonkeyMatch1.0.6
OR
mozillaseamonkeyMatch1.0.7
OR
mozillaseamonkeyMatch1.0.8
OR
mozillaseamonkeyMatch1.0.9
OR
mozillaseamonkeyMatch1.1
OR
mozillaseamonkeyMatch1.1alpha
OR
mozillaseamonkeyMatch1.1beta
OR
mozillaseamonkeyMatch1.1.1
OR
mozillaseamonkeyMatch1.1.2
OR
mozillaseamonkeyMatch1.1.3
OR
mozillaseamonkeyMatch1.1.4
OR
mozillaseamonkeyMatch1.1.5
OR
mozillaseamonkeyMatch1.1.6
OR
mozillaseamonkeyMatch1.1.7
OR
mozillaseamonkeyMatch1.1.8
OR
mozillaseamonkeyMatch1.1.9
OR
mozillaseamonkeyMatch1.1.10
OR
mozillaseamonkeyMatch1.1.11
OR
mozillaseamonkeyMatch1.1.12
OR
mozillaseamonkeyMatch1.1.13
OR
mozillaseamonkeyMatch1.1.14
OR
mozillaseamonkeyMatch1.1.15
OR
mozillaseamonkeyMatch1.1.16
OR
mozillaseamonkeyMatch1.1.17
OR
mozillaseamonkeyMatch1.1.18
OR
mozillaseamonkeyMatch1.1.19
OR
mozillaseamonkeyMatch1.5.0.8
OR
mozillaseamonkeyMatch1.5.0.9
OR
mozillaseamonkeyMatch1.5.0.10
OR
mozillaseamonkeyMatch2.0
OR
mozillaseamonkeyMatch2.0alpha_1
OR
mozillaseamonkeyMatch2.0alpha_2
OR
mozillaseamonkeyMatch2.0alpha_3
OR
mozillaseamonkeyMatch2.0beta_1
OR
mozillaseamonkeyMatch2.0beta_2
OR
mozillaseamonkeyMatch2.0rc1
OR
mozillaseamonkeyMatch2.0rc2
OR
mozillaseamonkeyMatch2.0.1
OR
mozillaseamonkeyMatch2.0.2
OR
mozillaseamonkeyMatch2.0.3
OR
mozillaseamonkeyMatch2.0.4
OR
mozillaseamonkeyMatch2.0.5
OR
mozillaseamonkeyMatch2.0.6
OR
mozillaseamonkeyMatch2.0.7
OR
mozillaseamonkeyMatch2.0.8
OR
mozillaseamonkeyMatch2.0.9
OR
mozillaseamonkeyMatch2.0.10
OR
mozillaseamonkeyMatch2.0.11
OR
mozillaseamonkeyMatch2.0.12
OR
mozillaseamonkeyMatch2.0.13
OR
mozillaseamonkeyMatch2.0.14
OR
mozillaseamonkeyMatch2.1
OR
mozillaseamonkeyMatch2.1alpha1
OR
mozillaseamonkeyMatch2.1alpha2
OR
mozillaseamonkeyMatch2.1alpha3
OR
mozillaseamonkeyMatch2.1beta1
OR
mozillaseamonkeyMatch2.1beta2
OR
mozillaseamonkeyMatch2.1beta3
OR
mozillaseamonkeyMatch2.1rc1
OR
mozillaseamonkeyMatch2.1rc2
OR
mozillaseamonkeyMatch2.2
OR
mozillaseamonkeyMatch2.2beta1
OR
mozillaseamonkeyMatch2.2beta2
OR
mozillaseamonkeyMatch2.2beta3
OR
mozillaseamonkeyMatch2.3
OR
mozillaseamonkeyMatch2.3beta1
OR
mozillaseamonkeyMatch2.3beta2
OR
mozillaseamonkeyMatch2.3beta3
OR
mozillaseamonkeyMatch2.3.1
OR
mozillaseamonkeyMatch2.3.2
OR
mozillaseamonkeyMatch2.3.3
OR
mozillaseamonkeyMatch2.4
OR
mozillaseamonkeyMatch2.4beta1
OR
mozillaseamonkeyMatch2.4beta2
OR
mozillaseamonkeyMatch2.4beta3
OR
mozillaseamonkeyMatch2.4.1
OR
mozillaseamonkeyMatch2.5
OR
mozillaseamonkeyMatch2.5beta1
OR
mozillaseamonkeyMatch2.5beta2
OR
mozillaseamonkeyMatch2.5beta3
OR
mozillaseamonkeyMatch2.5beta4
OR
mozillaseamonkeyMatch2.6
OR
mozillaseamonkeyMatch2.6beta1
OR
mozillaseamonkeyMatch2.6beta2
OR
mozillaseamonkeyMatch2.6beta3
OR
mozillaseamonkeyMatch2.6beta4
OR
mozillaseamonkeyMatch2.6.1
OR
mozillaseamonkeyMatch2.7beta1
OR
mozillaseamonkeyMatch2.7beta2
OR
mozillaseamonkeyMatch2.7beta3
OR
mozillaseamonkeyMatch2.7beta4

References

Related

nvd 1
openvas 38
cvelist 1
ubuntucve 1
veracode 1
mozilla 1
prion 1
oraclelinux 2
nessus 32
centos 2
ubuntu 5
redhat 2
freebsd 1
suse 2
securityvulns 1
gentoo 1
nvd
nvd
CVE-2012-0460
2012-03-14 19:55:02
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-18) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X 01)
2012-03-20 00:00:00
Mozilla Products Multiple Vulnerabilities - 01 - (Mar 2012) - Mac OS X
2012-03-20 00:00:00
cvelist
cvelist
CVE-2012-0460
2012-03-14 19:00:00
ubuntucve
ubuntucve
CVE-2012-0460
2012-03-14 00:00:00
veracode
veracode
Phishing Attack
2020-04-10 01:07:59
mozilla
mozilla
window.fullScreen writeable by untrusted content — Mozilla
2012-03-13 00:00:00
prion
prion
Code injection
2012-03-14 19:55:00
oraclelinux
oraclelinux
thunderbird security update
2012-03-14 00:00:00
firefox security and bug fix update
2012-03-14 00:00:00
nessus
nessus
RHEL 5 / 6 : thunderbird (RHSA-2012:0388)
2012-03-14 00:00:00
CentOS 5 / 6 : thunderbird (CESA-2012:0388)
2012-03-15 00:00:00
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)
2015-01-19 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
ubuntu
ubuntu
Firefox vulnerabilities
2012-03-16 00:00:00
Thunderbird regressions
2012-04-03 00:00:00
ubufox update
2012-03-16 00:00:00
redhat
redhat
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON
Related for CVE-2012-0460
nvd1openvas38cvelist1ubuntucve1veracode1mozilla1prion1oraclelinux2nessus32centos2ubuntu5redhat2freebsd1suse2securityvulns1gentoo1