Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-5883
Last Modified: 13 Dec 2013 12:08:24
Published: 16 Nov 2012 07:24:24
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-5883

Summary

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

Vulnerable Systems

Application

  • Mozilla Bugzilla 3.7

  • Mozilla Bugzilla 3.7.1

  • Mozilla Bugzilla 3.7.2

  • Mozilla Bugzilla 3.7.3

  • Mozilla Bugzilla 4.0

  • Mozilla Bugzilla 4.0.1

  • Mozilla Bugzilla 4.0.2

  • Mozilla Bugzilla 4.0.3

  • Mozilla Bugzilla 4.0.4

  • Mozilla Bugzilla 4.0.5

  • Mozilla Bugzilla 4.0.6

  • Mozilla Bugzilla 4.0.7

  • Mozilla Bugzilla 4.0.8

  • Mozilla Bugzilla 4.1

  • Mozilla Bugzilla 4.1.1

  • Mozilla Bugzilla 4.1.2

  • Mozilla Bugzilla 4.1.3

  • Mozilla Bugzilla 4.2

  • Mozilla Bugzilla 4.2.1

  • Mozilla Bugzilla 4.2.2

  • Mozilla Bugzilla 4.2.3

  • Mozilla Bugzilla 4.3

  • Mozilla Bugzilla 4.3.1

  • Mozilla Bugzilla 4.3.2

  • Mozilla Bugzilla 4.3.3

  • Yahoo Yui 2.8.0

  • Yahoo Yui 2.8.1

  • Yahoo Yui 2.8.2

  • Yahoo Yui 2.9.0


References

CONFIRM - http://yuilibrary.com/support/20121030-vulnerability/

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=808845

CONFIRM - http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/

CONFIRM - http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/

CONFIRM - http://www.bugzilla.org/security/3.6.11/

XF - bugzilla-flash-xss(80116)

MANDRIVA - MDVSA-2013:066


Last Updated: 27 May 2016 10:58:28