Lucene search
Mozilla FoundationMFSA2012-72HistoryAug 28, 2012 - 12:00 a.m.
Web console eval capable of executing chrome-privileged code — Mozilla
2012-08-2800:00:00
Mozilla Foundation
www.mozilla.org
35
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.7%
Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 15 | |
| firefox esr | lt | 10.0.7 | |
| thunderbird | lt | 15 | |
| thunderbird esr | lt | 10.0.7 |
Related
openvas
openvas
Mozilla Firefox ESR Multiple Vulnerabilities - August12 (Mac OS X)
2013-07-17 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities (Aug 2012) - Mac OS X
2013-07-17 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities - August12 (Mac OS X)
2013-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-3980
2012-08-29 00:00:00
prion
prion
Code injection
2012-08-29 10:56:00
cve
cve
CVE-2012-3980
2012-08-29 10:56:00
nessus
nessus
Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities (Mac OS X)
2012-08-29 00:00:00
CentOS 5 / 6 : thunderbird (CESA-2012:1211)
2012-08-30 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-08-29 00:00:00
firefox security update
2012-08-29 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:42:55
Arbitrary Code Execution
2019-05-02 04:42:52
Memory Corruption
2019-05-02 04:42:51
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
ubuntu
ubuntu
Thunderbird regressions
2012-09-28 00:00:00
Thunderbird vulnerabilities
2012-08-30 00:00:00
Firefox vulnerabilities
2012-08-29 00:00:00
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
Security update for Mozilla Firefox (important)
2012-09-14 02:08:30
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.7%
Related for MFSA2012-72