Lucene search
HistoryFeb 01, 2012 - 4:55 p.m.
CVE-2012-0445
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.012
Percentile
84.9%
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame’s name attribute.
Affected configurations
Node
mozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch5.0.1
ORmozillafirefoxMatch6.0
ORmozillafirefoxMatch6.0.1
ORmozillafirefoxMatch6.0.2
ORmozillafirefoxMatch7.0
ORmozillafirefoxMatch8.0
ORmozillafirefoxMatch8.0.1
ORmozillafirefoxMatch9.0
Node
mozillathunderbirdMatch5.0
ORmozillathunderbirdMatch6.0
ORmozillathunderbirdMatch6.0.1
ORmozillathunderbirdMatch6.0.2
ORmozillathunderbirdMatch7.0
ORmozillathunderbirdMatch8.0
ORmozillathunderbirdMatch9.0
Node
mozillaseamonkeyRange≤2.7beta5
ORmozillaseamonkeyMatch1.0alpha
ORmozillaseamonkeyMatch1.0beta
ORmozillaseamonkeyMatch1.0.1
ORmozillaseamonkeyMatch1.0.2
ORmozillaseamonkeyMatch1.0.3
ORmozillaseamonkeyMatch1.0.4
ORmozillaseamonkeyMatch1.0.5
ORmozillaseamonkeyMatch1.0.6
ORmozillaseamonkeyMatch1.0.7
ORmozillaseamonkeyMatch1.0.8
ORmozillaseamonkeyMatch1.0.9
ORmozillaseamonkeyMatch1.1
ORmozillaseamonkeyMatch1.1alpha
ORmozillaseamonkeyMatch1.1beta
ORmozillaseamonkeyMatch1.1.1
ORmozillaseamonkeyMatch1.1.2
ORmozillaseamonkeyMatch1.1.3
ORmozillaseamonkeyMatch1.1.4
ORmozillaseamonkeyMatch1.1.5
ORmozillaseamonkeyMatch1.1.6
ORmozillaseamonkeyMatch1.1.7
ORmozillaseamonkeyMatch1.1.8
ORmozillaseamonkeyMatch1.1.9
ORmozillaseamonkeyMatch1.1.10
ORmozillaseamonkeyMatch1.1.11
ORmozillaseamonkeyMatch1.1.12
ORmozillaseamonkeyMatch1.1.13
ORmozillaseamonkeyMatch1.1.14
ORmozillaseamonkeyMatch1.1.15
ORmozillaseamonkeyMatch1.1.16
ORmozillaseamonkeyMatch1.1.17
ORmozillaseamonkeyMatch1.1.18
ORmozillaseamonkeyMatch1.1.19
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.2
ORmozillaseamonkeyMatch2.2beta1
ORmozillaseamonkeyMatch2.2beta2
ORmozillaseamonkeyMatch2.2beta3
ORmozillaseamonkeyMatch2.3
ORmozillaseamonkeyMatch2.3beta1
ORmozillaseamonkeyMatch2.3beta2
ORmozillaseamonkeyMatch2.3beta3
ORmozillaseamonkeyMatch2.3.1
ORmozillaseamonkeyMatch2.3.2
ORmozillaseamonkeyMatch2.3.3
ORmozillaseamonkeyMatch2.4
ORmozillaseamonkeyMatch2.4beta1
ORmozillaseamonkeyMatch2.4beta2
ORmozillaseamonkeyMatch2.4beta3
ORmozillaseamonkeyMatch2.4.1
ORmozillaseamonkeyMatch2.5
ORmozillaseamonkeyMatch2.5beta1
ORmozillaseamonkeyMatch2.5beta2
ORmozillaseamonkeyMatch2.5beta3
ORmozillaseamonkeyMatch2.5beta4
ORmozillaseamonkeyMatch2.6
ORmozillaseamonkeyMatch2.6beta1
ORmozillaseamonkeyMatch2.6beta2
ORmozillaseamonkeyMatch2.6beta3
ORmozillaseamonkeyMatch2.6beta4
ORmozillaseamonkeyMatch2.6.1
ORmozillaseamonkeyMatch2.7beta1
ORmozillaseamonkeyMatch2.7beta2
ORmozillaseamonkeyMatch2.7beta3
ORmozillaseamonkeyMatch2.7beta4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:* |
| mozilla | firefox | 4.0 | cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
osvdb.org/78735
secunia.com/advisories/49055
www.mandriva.com/security/advisories?name=MDVSA-2012:013
www.mozilla.org/security/announce/2012/mfsa2012-03.html
www.securityfocus.com/bid/51765
bugzilla.mozilla.org/show_bug.cgi?id=701071
exchange.xforce.ibmcloud.com/vulnerabilities/72835
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907
Related
mozilla
mozilla
<iframe> element exposed across domains via name attribute — Mozilla
2012-01-31 00:00:00
cvelist
cvelist
CVE-2012-0445
2012-02-01 16:00:00
prion
prion
Design/Logic Flaw
2012-02-01 16:55:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2012-03
2012-02-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-02-03 00:00:00
ubuntucve
ubuntucve
CVE-2012-0445
2012-02-01 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-03) - Linux
2021-11-11 00:00:00
cve
cve
CVE-2012-0445
2012-02-01 16:55:01
nessus
nessus
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird6)
2015-01-19 00:00:00
Mozilla Thunderbird < 10.0 Multiple Vulnerabilities
2012-02-01 00:00:00
SeaMonkey < 2.7.0 Multiple Vulnerabilities
2012-02-01 00:00:00
ubuntu
ubuntu
ubufox and webfav update
2012-02-03 00:00:00
Mozvoikko update
2012-02-03 00:00:00
Firefox vulnerabilities
2012-02-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-01-31 00:00:00
suse
suse
MozillaFirefox: Version 10 (important)
2012-02-09 19:10:49
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.012
Percentile
84.9%
Related for NVD:CVE-2012-0445