Lucene search
Mozilla FoundationMFSA2012-72HistoryAug 28, 2012 - 12:00 a.m.
Web console eval capable of executing chrome-privileged code — Mozilla
2012-08-2800:00:00
Mozilla Foundation
www.mozilla.org
44
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.013
Percentile
85.9%
Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user.
Affected configurations
Node
mozillafirefoxRange<15
ORmozillafirefox_esrRange<10.0.7
ORmozillathunderbirdRange<15
ORmozillathunderbird_esrRange<10.0.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| mozilla | thunderbird_esr | * | cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2012-3980
2012-08-29 00:00:00
openvas
openvas
Mozilla Firefox ESR Multiple Vulnerabilities - August12 (Mac OS X)
2013-07-17 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities (Aug 2012) - Mac OS X
2013-07-17 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities (Aug 2012) - Mac OS X
2013-07-17 00:00:00
cvelist
cvelist
CVE-2012-3980
2012-08-29 10:00:00
prion
prion
Code injection
2012-08-29 10:56:00
cve
cve
CVE-2012-3980
2012-08-29 10:56:41
nvd
nvd
CVE-2012-3980
2012-08-29 10:56:41
nessus
nessus
Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities (Mac OS X)
2012-08-29 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120829)
2012-08-30 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2012:1211)
2012-08-29 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-08-29 00:00:00
firefox security update
2012-08-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:57
Information Disclosure
2019-05-02 04:42:57
Arbitrary Code Execution
2019-05-02 04:42:57
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
ubuntu
ubuntu
Thunderbird regressions
2012-09-28 00:00:00
Firefox vulnerabilities
2012-08-29 00:00:00
Thunderbird vulnerabilities
2012-08-30 00:00:00
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
Security update for Mozilla Firefox (important)
2012-09-13 01:08:39
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
osv
osv
MozillaThunderbird-45.5.1-1.1 on GA media
2024-06-15 00:00:00
MozillaFirefox-50.1.0-1.1 on GA media
2024-06-15 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.013
Percentile
85.9%
Related for MFSA2012-72