Lucene search
HistoryNov 21, 2012 - 12:55 p.m.
CVE-2012-5837
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.1%
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Affected configurations
Node
mozillafirefoxRange≤16.0.2
ORmozillafirefoxMatch0.1
ORmozillafirefoxMatch0.2
ORmozillafirefoxMatch0.3
ORmozillafirefoxMatch0.4
ORmozillafirefoxMatch0.5
ORmozillafirefoxMatch0.6
ORmozillafirefoxMatch0.6.1
ORmozillafirefoxMatch0.7
ORmozillafirefoxMatch0.7.1
ORmozillafirefoxMatch0.8
ORmozillafirefoxMatch0.9
ORmozillafirefoxMatch0.9rc
ORmozillafirefoxMatch0.9.1
ORmozillafirefoxMatch0.9.2
ORmozillafirefoxMatch0.9.3
ORmozillafirefoxMatch0.10
ORmozillafirefoxMatch0.10.1
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.4.1
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch1.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
ORmozillafirefoxMatch3.6.19
ORmozillafirefoxMatch3.6.20
ORmozillafirefoxMatch3.6.21
ORmozillafirefoxMatch3.6.22
ORmozillafirefoxMatch3.6.23
ORmozillafirefoxMatch3.6.24
ORmozillafirefoxMatch3.6.25
ORmozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch5.0.1
ORmozillafirefoxMatch6.0
ORmozillafirefoxMatch6.0.1
ORmozillafirefoxMatch6.0.2
ORmozillafirefoxMatch7.0
ORmozillafirefoxMatch7.0.1
ORmozillafirefoxMatch8.0
ORmozillafirefoxMatch8.0.1
ORmozillafirefoxMatch9.0
ORmozillafirefoxMatch9.0.1
ORmozillafirefoxMatch10.0
ORmozillafirefoxMatch10.0.1
ORmozillafirefoxMatch10.0.2
ORmozillafirefoxMatch11.0
ORmozillafirefoxMatch12.0
ORmozillafirefoxMatch12.0beta6
ORmozillafirefoxMatch13.0
ORmozillafirefoxMatch13.0.1
ORmozillafirefoxMatch14.0
ORmozillafirefoxMatch14.0.1
ORmozillafirefoxMatch15.0
ORmozillafirefoxMatch15.0.1
ORmozillafirefoxMatch16.0
ORmozillafirefoxMatch16.0.1
References
lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
osvdb.org/87586
secunia.com/advisories/51369
secunia.com/advisories/51434
secunia.com/advisories/51439
www.mozilla.org/security/announce/2012/mfsa2012-102.html
www.securityfocus.com/bid/56645
www.ubuntu.com/usn/USN-1638-1
www.ubuntu.com/usn/USN-1638-3
bugzilla.mozilla.org/show_bug.cgi?id=800363
exchange.xforce.ibmcloud.com/vulnerabilities/80180
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16542
Related
prion
prion
Cross site scripting
2012-11-21 12:55:00
cvelist
cvelist
CVE-2012-5837
2012-11-21 11:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-102) - Linux
2021-11-11 00:00:00
Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
2012-11-26 00:00:00
Mozilla Firefox Multiple Vulnerabilities - November12 (Mac OS X)
2012-11-26 00:00:00
cve
cve
CVE-2012-5837
2012-11-21 12:55:03
ubuntucve
ubuntucve
CVE-2012-5837
2012-11-21 00:00:00
mozilla
mozilla
Script entered into Developer Toolbar runs with chrome privileges — Mozilla
2012-11-20 00:00:00
nessus
nessus
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)
2014-06-13 00:00:00
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)
2012-11-29 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2012-11-29 01:08:52
security update to Firefox 17.0 and other Mozilla based packages (important)
2013-01-23 14:07:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
ubuntu
ubuntu
Firefox regressions
2012-12-03 00:00:00
Firefox vulnerabilities
2012-11-21 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-11-20 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-12-03 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.1%
Related for NVD:CVE-2012-5837