Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1600-1
HistoryOct 09, 2012 - 12:00 a.m.

Firefox vulnerabilities

2012-10-0900:00:00
ubuntu.com
30

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

JSON

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04

Packages

  • firefox - Mozilla Open Source web browser

Details

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others
discovered several memory corruption flaws in Firefox. If a user were
tricked into opening a specially crafted web page, a remote attacker could
cause Firefox to crash or potentially execute arbitrary code as the user
invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988,
CVE-2012-3989)

David Bloom and Jordi Chancel discovered that Firefox did not always
properly handle the element. A remote attacker could exploit this
to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984)

Collin Jackson discovered that Firefox did not properly follow the HTML5
specification for document.domain behavior. A remote attacker could exploit
this to conduct cross-site scripting (XSS) attacks via javascript
execution. (CVE-2012-3985)

Johnny Stenback discovered that Firefox did not properly perform security
checks on test methods for DOMWindowUtils. (CVE-2012-3986)

Alice White discovered that the security checks for GetProperty could be
bypassed when using JSAPI. If a user were tricked into opening a specially
crafted web page, a remote attacker could exploit this to execute arbitrary
code as the user invoking the program. (CVE-2012-3991)

Mariusz Mlynski discovered a history state error in Firefox. A remote
attacker could exploit this to spoof the location property to inject script
or intercept posted data. (CVE-2012-3992)

Mariusz Mlynski and others discovered several flaws in Firefox that allowed
a remote attacker to conduct cross-site scripting (XSS) attacks.
(CVE-2012-3993, CVE-2012-3994, CVE-2012-4184)

Abhishek Arya, Atte Kettunen and others discovered several memory flaws in
Firefox when using the Address Sanitizer tool. If a user were tricked into
opening a specially crafted web page, a remote attacker could cause Firefox
to crash or potentially execute arbitrary code as the user invoking the
program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchfirefox< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchabrowser< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchabrowser-branding< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-branding< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-dbg< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-dev< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-globalmenu< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-gnome-support< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-gnome-support-dbg< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfirefox-locale-af< 16.0+build1-0ubuntu0.12.04.1UNKNOWN
Rows per page:
1-10 of 3551

Related

openvas 73
nessus 33
veracode 16
oraclelinux 2
centos 2
redhat 2
suse 2
ubuntu 1
debian 3
freebsd 1
osv 3
securityvulns 1
mozilla 12
ibm 2
cve 14
prion 16
ubuntucve 14
seebug 1
checkpoint_advisories 1
openvas
openvas
Ubuntu Update for firefox USN-1600-1
2012-10-11 00:00:00
Ubuntu: Security Advisory (USN-1600-1)
2012-10-11 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Windows)
2012-10-15 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1600-1)
2012-10-10 00:00:00
Firefox < 10.0.8 Multiple Vulnerabilities (Mac OS X)
2012-10-17 00:00:00
Firefox < 16.0 Multiple Vulnerabilities
2012-10-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:43:31
Denial Of Service (DoS)
2019-05-02 04:43:36
Arbitrary Code Execution
2019-05-02 04:43:33
oraclelinux
oraclelinux
thunderbird security update
2012-10-10 00:00:00
firefox security and bug fix update
2012-10-10 00:00:00
centos
centos
thunderbird security update
2012-10-10 13:53:37
firefox, xulrunner security update
2012-10-10 13:52:09
redhat
redhat
(RHSA-2012:1350) Critical: firefox security and bug fix update
2012-10-09 00:00:00
(RHSA-2012:1351) Critical: thunderbird security update
2012-10-09 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-10-12 00:00:00
debian
debian
[SECURITY] [DSA 2565-1] iceweasel security update
2012-10-23 19:45:56
[SECURITY] [DSA 2569-1] icedove security update
2012-10-29 20:57:34
[SECURITY] [DSA 2572-1] iceape security update
2012-11-04 18:59:26
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
osv
osv
icedove - several
2012-10-29 00:00:00
iceweasel - several
2012-10-23 00:00:00
iceape - several
2012-11-04 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
mozilla
mozilla
Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer — Mozilla
2012-10-09 00:00:00
Heap memory corruption issues found using Address Sanitizer — Mozilla
2012-10-09 00:00:00
Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) — Mozilla
2012-10-09 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
cve
cve
CVE-2012-3989
2012-10-10 17:55:00
CVE-2012-3992
2012-10-10 17:55:00
CVE-2012-3993
2012-10-10 17:55:00
prion
prion
Code injection
2012-10-10 17:55:00
Cross site scripting
2012-10-10 17:55:00
Cross site scripting
2012-10-10 17:55:00
ubuntucve
ubuntucve
CVE-2012-3989
2012-10-09 00:00:00
CVE-2012-3991
2012-10-09 00:00:00
CVE-2012-3992
2012-10-09 00:00:00
seebug
seebug
Mozilla Firefox 15内存破坏漏洞 (CVE-2012-3983)
2012-10-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products WAV Processing Buffer Overflow (CVE-2012-4186)
2013-06-30 00:00:00

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.713 High

EPSS

Percentile

98.0%

JSON
Related for USN-1600-1
openvas73nessus33veracode16oraclelinux2centos2redhat2suse2ubuntu1debian3freebsd1osv3securityvulns1mozilla12ibm2cve14prion16ubuntucve14seebug1checkpoint_advisories1