9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.3%
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.
lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
osvdb.org/83996
rhn.redhat.com/errata/RHSA-2012-1088.html
secunia.com/advisories/49965
secunia.com/advisories/49968
secunia.com/advisories/49972
secunia.com/advisories/49977
secunia.com/advisories/49979
secunia.com/advisories/49992
secunia.com/advisories/49993
secunia.com/advisories/49994
www.mozilla.org/security/announce/2012/mfsa2012-45.html
www.securityfocus.com/bid/54586
www.securitytracker.com/id?1027256
www.securitytracker.com/id?1027257
www.securitytracker.com/id?1027258
www.ubuntu.com/usn/USN-1509-1
www.ubuntu.com/usn/USN-1509-2
www.ubuntu.com/usn/USN-1510-1
bugzilla.mozilla.org/show_bug.cgi?id=757376
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17004