CVE-2012-3973

2012-08-2900:00:00

ubuntu.com

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.05 Low

EPSS

Percentile

92.8%

JSON

The debugger in the developer-tools subsystem in Mozilla Firefox before
15.0, when remote debugging is disabled, does not properly restrict access
to the remote-debugging service, which allows remote attackers to execute
arbitrary code by leveraging the presence of the HTTPMonitor extension and
connecting to that service through the HTTPMonitor port.

Notes

Author	Note
micahg	per upstream MFSA, only affects Firefox

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 15.0+build1-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchfirefox< 15.0+build1-0ubuntu0.11.04.2UNKNOWN
ubuntu11.10noarchfirefox< 15.0+build1-0ubuntu0.11.10.1UNKNOWN
ubuntu12.04noarchfirefox< 15.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchfirefox< 15.0+build1-0ubuntu1UNKNOWN
ubuntu13.04noarchfirefox< 15.0+build1-0ubuntu1UNKNOWN
ubuntu13.10noarchfirefox< 15.0+build1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 15.0+build1-0ubuntu0.10.04.1	UNKNOWN
ubuntu	11.04	noarch	firefox	< 15.0+build1-0ubuntu0.11.04.2	UNKNOWN
ubuntu	11.10	noarch	firefox	< 15.0+build1-0ubuntu0.11.10.1	UNKNOWN
ubuntu	12.04	noarch	firefox	< 15.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	firefox	< 15.0+build1-0ubuntu1	UNKNOWN
ubuntu	13.04	noarch	firefox	< 15.0+build1-0ubuntu1	UNKNOWN
ubuntu	13.10	noarch	firefox	< 15.0+build1-0ubuntu1	UNKNOWN