Lucene search

[email protected]CVE-2012-0958

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-0958

2022-10-0316:15:41

[email protected]

web.nvd.nist.gov

cve-2012-0958

content

unity-api.js

unity-firefox-extension

same origin policy

remote attackers

sensitive information

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.

Affected configurations

NVD

Node

ps_project_management_teamunity-firefox-extensionMatch2.4.1-firefox

CPENameOperatorVersion
ps_project_management_team:unity-firefox-extensionps project management team unity-firefox-extensioneq2.4.1

CPE	Name	Operator	Version
ps_project_management_team:unity-firefox-extension	ps project management team unity-firefox-extension	eq	2.4.1

References

bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331

osvdb.org/88438

www.securityfocus.com/bid/56930

www.ubuntu.com/usn/USN-1665-1

bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2012-0958

nessus1 openvas2 ubuntu1 securityvulns2 nvd1 ubuntucve1 cvelist1 prion1