Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0958

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0958
Last Modified 11 Jan 2013 12:00:00
Published 26 Dec 2012 05:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0958

Summary

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.

Vulnerable Systems

Application

  • Ps Project Management Team Unity-firefox-extension 2.4.1


References

MISC - https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817

UBUNTU - USN-1665-1

BID - 56930

OSVDB - 88438

CONFIRM - http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331


Last Updated: 27 May 2016 10:57:38