Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0460

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2012-0460
Last Modified 18 Dec 2012 11:48:34
Published 14 Mar 2012 03:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0460

Summary

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.

Vulnerable Systems

Application

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Firefox Esr 10.0

  • Mozilla Firefox Esr 10.1

  • Mozilla Firefox Esr 10.2

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.2

  • Mozilla Seamonkey 2.3

  • Mozilla Seamonkey 2.3.1

  • Mozilla Seamonkey 2.3.2

  • Mozilla Seamonkey 2.3.3

  • Mozilla Seamonkey 2.4

  • Mozilla Seamonkey 2.4.1

  • Mozilla Seamonkey 2.5

  • Mozilla Seamonkey 2.6

  • Mozilla Seamonkey 2.6.1

  • Mozilla Seamonkey 2.7

  • Mozilla Thunderbird 5.0

  • Mozilla Thunderbird 6.0

  • Mozilla Thunderbird 6.0.1

  • Mozilla Thunderbird 6.0.2

  • Mozilla Thunderbird 7.0

  • Mozilla Thunderbird 7.0.1

  • Mozilla Thunderbird 8.0

  • Mozilla Thunderbird 9.0

  • Mozilla Thunderbird 9.0.1

  • Mozilla Thunderbird Esr 10.0

  • Mozilla Thunderbird Esr 10.0.1

  • Mozilla Thunderbird Esr 10.0.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=727303

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-18.html

UBUNTU - USN-1400-3

SECUNIA - 48629

SECUNIA - 48513

SUSE - openSUSE-SU-2012:0417

UBUNTU - USN-1400-5

UBUNTU - USN-1400-4

UBUNTU - USN-1400-2

SECUNIA - 48553

SECUNIA - 48496

SECUNIA - 48561

SECUNIA - 49055

Related Patches

Red Hat 2012:0387-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86

Red Hat 2012:0387-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86_64

Red Hat 2012:0388-01 RHSA Critical: thunderbird security update for RHEL 5 x86

Red Hat 2012:0388-01 RHSA Critical: thunderbird security update for RHEL 5 x86_64

Novell SUSE 2012:6007 MozillaFirefox security update for SLE 11 SP1 i586

Novell SUSE 2012:6007 MozillaFirefox security update for SLE 11 SP1 x86_64

Mozilla Firefox ESR 10.0.3 for Mac OS X (Update) (See Note) (Rev 2)

Mozilla Firefox (English) 11.0 for Windows (Update) (See Notes) (Rev 2)

Mozilla Firefox 11.0 for Mac OS X (Update) (See Note) (Rev 2)

Mozilla Firefox ESR (English) 10.0.3 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 10:57:28