AI Score: 9.1 High (Confidence: High)
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.713 High (Percentile: 98.0%)

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others
discovered several memory corruption flaws in Firefox. If a user were
tricked into opening a specially crafted web page, a remote attacker could
cause Firefox to crash or potentially execute arbitrary code as the user
invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988,
CVE-2012-3989)

David Bloom and Jordi Chancel discovered that Firefox did not always
properly handle the element. A remote attacker could exploit this
to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984)

Collin Jackson discovered that Firefox did not properly follow the HTML5
specification for document.domain behavior. A remote attacker could exploit
this to conduct cross-site scripting (XSS) attacks via JavaScript
execution. (CVE-2012-3985)

Johnny Stenback discovered that Firefox did not properly perform security
checks on test methods for DOMWindowUtils. (CVE-2012-3986)

Alice White discovered that the security checks for GetProperty could be
bypassed when using JSAPI. If a user were tricked into opening a specially
crafted web page, a remote attacker could exploit this to execute arbitrary
code as the user invoking the program. (CVE-2012-3991)

Mariusz Mlynski discovered a history state error in Firefox. A remote
attacker could exploit this to spoof the location property to inject script
or intercept posted data. (CVE-2012-3992)

Mariusz Mlynski and others discovered several flaws in Firefox that allowed
a remote attacker to conduct cross-site scripting (XSS) attacks.
(CVE-2012-3993, CVE-2012-3994, CVE-2012-4184)

Abhishek Arya, Atte Kettunen and others discovered several memory flaws in
Firefox when using the Address Sanitizer tool. If a user were tricked into
opening a specially crafted web page, a remote attacker could cause Firefox
to crash or potentially execute arbitrary code as the user invoking the
program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | firefox | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | abrowser | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | abrowser-branding | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-branding | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-dbg | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-dev | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-globalmenu | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-gnome-support | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-gnome-support-dbg | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | firefox-locale-af | < 16.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2012-3982
ubuntu.com/security/CVE-2012-3983
ubuntu.com/security/CVE-2012-3984
ubuntu.com/security/CVE-2012-3985
ubuntu.com/security/CVE-2012-3986
ubuntu.com/security/CVE-2012-3988
ubuntu.com/security/CVE-2012-3989
ubuntu.com/security/CVE-2012-3990
ubuntu.com/security/CVE-2012-3991
ubuntu.com/security/CVE-2012-3992
ubuntu.com/security/CVE-2012-3993
ubuntu.com/security/CVE-2012-3994
ubuntu.com/security/CVE-2012-3995
ubuntu.com/security/CVE-2012-4179
ubuntu.com/security/CVE-2012-4180
ubuntu.com/security/CVE-2012-4181
ubuntu.com/security/CVE-2012-4182
ubuntu.com/security/CVE-2012-4183
ubuntu.com/security/CVE-2012-4184
ubuntu.com/security/CVE-2012-4185
ubuntu.com/security/CVE-2012-4186
ubuntu.com/security/CVE-2012-4187
ubuntu.com/security/CVE-2012-4188