[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3976Date: (C)2012-08-29   (M)2024-03-27


Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-55313
RHSA-2012:1210
SUSE-SU-2012:1157
SUSE-SU-2012:1167
USN-1548-1
USN-1548-2
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=768568
openSUSE-SU-2012:1065
oval:org.mitre.oval:def:16060

CPE    342
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:thunderbird:11.0
cpe:/a:mozilla:firefox:1.5:beta1
...
OVAL    13
oval:org.secpod.oval:def:700982
oval:org.secpod.oval:def:400428
oval:org.secpod.oval:def:400421
oval:org.secpod.oval:def:202430
...

© SecPod Technologies