Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-1967
HistoryJul 17, 2012 - 12:00 a.m.

CVE-2012-1967

2012-07-1700:00:00
ubuntu.com
ubuntu.com
19
cve-2012-1967
mozilla
javascript sandbox
remote execution

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.026

Percentile

90.3%

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6,
Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and
SeaMonkey before 2.11 do not properly implement the JavaScript sandbox
utility, which allows remote attackers to execute arbitrary JavaScript code
with improper privileges via a javascript: URL.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 14.0.1+build1-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchfirefox< 14.0.1+build1-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchfirefox< 14.0.1+build1-0ubuntu0.11.10.1UNKNOWN
ubuntu12.04noarchfirefox< 14.0.1+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu10.04noarchthunderbird< 14.0+build1-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchthunderbird< 14.0+build1-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchthunderbird< 14.0+build1-0ubuntu0.11.10.1UNKNOWN
ubuntu12.04noarchthunderbird< 14.0+build1-0ubuntu0.12.04.1UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.026

Percentile

90.3%