Lucene search

CanonicalCVELIST:CVE-2012-0958

HistoryDec 26, 2012 - 10:00 p.m.

CVE-2012-0958

2012-12-2622:00:00

canonical

www.cve.org

cve-2012-0958

same origin policy

remote attackers

sensitive information

api vulnerability

unity firefox extension

AI Score

Confidence

Low

EPSS

0.003

Percentile

66.2%

JSON

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.

References

bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331

osvdb.org/88438

www.securityfocus.com/bid/56930

www.ubuntu.com/usn/USN-1665-1

bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817