SUSE CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...

Mozilla Firefox 16 Reader Mode 跨站脚本执行漏洞 (CVE-2012-3987)

BUGTRAQ ID: 55856 CVE ID: CVE-2012-3987 Firefox是一款非常流行的开源WEB浏览器。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox 16存在安全漏洞，当一个页面转变到Reader Mode时，结果页面会具有chrome权限，其内容也未被完全过滤。这可导致跨脚本执行攻击，以获取Android设备上的Firefox权限。 0 Mozilla Firefox 16 厂商补丁： Mozilla -------...

CVE-2012-3987

CVE-2012-3987 (Firefox for Android) : The issue arises when a page is transitioned into Reader Mode; the resulting page is given chrome privileges and may not be fully sanitized. Exploitation requires user activation of Reader Mode on a malicious page, enabling a cross-site scripting–like attack ...

CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...