Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable801282.PRM
HistoryJul 23, 2012 - 12:00 a.m.

Mozilla Firefox 13.x < 13 Multiple Vulnerabilities

2012-07-2300:00:00
Tenable
www.tenable.com
15

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.375 Low

EPSS

Percentile

97.2%

JSON

Versions of Firefox 13.x are potentially affected by the following security issues :

  • Several memory safety issues exist, some of which could potentially allow arbitrary code execution. (CVE-2012-1948, CVE-2012-1949)

  • An error related to drag and drop can allow incorrect URLs to be displayed. (CVE-2012-1950)

  • Several memory safety issues exist related to the Gecko layout engine. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)

  • An error related to JavaScript functions ‘history.forward’ and ‘history.back’ can allow incorrect URLs to be displayed. (CVE-2012-1955)

  • Cross-site scripting attacks are possible due to an error related to the ‘<embed>’ tag within an RSS ‘<description>’ element. (CVE-2012-1957)

  • A use-after-free error exists related to the method ‘nsGlobalWindow::PageHidden’. (CVE-2012-1958)

  • An error exists that can allow ‘same-compartment security wrappers’ (SCSW) to be bypassed. (CVE-2012-1959)

  • An out-of-bounds read error exists related to the color management library (QCMS). (CVE-2012-1960)

  • The ‘X-Frames-Options’ header is ignored if it is duplicated. (CVE-2012-1961)

  • A memory corruption error exists related to the method ‘JSDependentString::undepend’. (CVE-2012-1962)

  • An error related to the ‘Content Security Policy’ (CSP) implementation can allow the disclosure of OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)

  • An error exists related to the ‘feed:’ URL that can allow cross-site scripting attacks. (CVE-2012-1965)

  • Cross-site scripting attacks are possible due to an error related to the ‘data:’ URL and context menus. (CVE-2012-1966)

  • An error exists related to the ‘javascript:’ URL that can allow scripts to run at elevated privileges outside the sandbox. (CVE-2012-1967)

Binary data 801282.prm

References

Related

nessus 36
openvas 63
ubuntu 3
suse 6
oraclelinux 2
freebsd 1
veracode 17
redhat 2
securityvulns 1
centos 2
debian 3
osv 3
mozilla 7
nvd 11
ubuntucve 11
cve 8
cvelist 10
prion 13
nessus
nessus
Thunderbird < 14.0 Multiple Vulnerabilities (Mac OS X)
2012-07-19 00:00:00
Firefox < 14.0 Multiple Vulnerabilities
2012-07-19 00:00:00
Mozilla Firefox < 14.0 Multiple Vulnerabilities
2012-07-23 00:00:00
openvas
openvas
Ubuntu Update for thunderbird USN-1510-1
2012-07-19 00:00:00
SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird)
2012-12-13 00:00:00
SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox)
2012-12-13 00:00:00
ubuntu
ubuntu
ubufox update
2012-07-18 00:00:00
Thunderbird vulnerabilities
2012-07-17 00:00:00
Firefox vulnerabilities
2012-07-17 00:00:00
suse
suse
seamonkey: Update to Seamonkey 2.11 (important)
2012-08-01 18:08:34
Security update for Mozilla Firefox (important)
2012-07-21 01:08:17
MozillaThunderbird: update to Thunderbird 14.0 (important)
2012-07-27 13:08:18
oraclelinux
oraclelinux
firefox security update
2012-07-17 00:00:00
thunderbird security update
2012-07-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-07-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:42:26
Denial Of Service (DoS)
2019-05-02 04:42:27
Spoofing Vulnerability
2019-05-02 04:42:26
redhat
redhat
(RHSA-2012:1088) Critical: firefox security update
2012-07-17 00:00:00
(RHSA-2012:1089) Critical: thunderbird security update
2012-07-17 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-08-13 00:00:00
centos
centos
firefox, xulrunner security update
2012-07-17 20:41:16
thunderbird security update
2012-07-17 21:25:02
debian
debian
[SECURITY] [DSA 2514-1] iceweasel security update
2012-07-17 20:03:42
[SECURITY] [DSA 2528-1] icedove security update
2012-08-14 19:26:36
[SECURITY] [DSA 2513-1] iceape security update
2012-07-17 19:47:49
osv
osv
iceweasel - several vulnerabilities
2012-07-17 00:00:00
icedove - several
2012-08-14 00:00:00
iceape - several vulnerabilities
2012-07-17 00:00:00
mozilla
mozilla
Gecko memory corruption — Mozilla
2012-07-17 00:00:00
Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) — Mozilla
2012-07-17 00:00:00
Content Security Policy 1.0 implementation errors cause data leakage — Mozilla
2012-07-17 00:00:00
nvd
nvd
CVE-2012-1951
2012-07-18 10:26:48
CVE-2012-1949
2012-07-18 10:26:48
CVE-2012-1955
2012-07-18 10:26:48
ubuntucve
ubuntucve
CVE-2012-1951
2012-07-17 00:00:00
CVE-2012-1949
2012-07-17 00:00:00
CVE-2012-1948
2012-07-17 00:00:00
cve
cve
CVE-2012-1951
2012-07-18 10:26:48
CVE-2012-1955
2012-07-18 10:26:48
CVE-2012-1965
2012-07-18 10:26:49
cvelist
cvelist
CVE-2012-1949
2012-07-18 10:00:00
CVE-2012-1953
2012-07-18 10:00:00
CVE-2012-1965
2012-07-18 10:00:00
prion
prion
Design/Logic Flaw
2012-07-18 10:26:00
Heap overflow
2012-07-18 10:26:00
Design/Logic Flaw
2012-07-18 10:26:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.375 Low

EPSS

Percentile

97.2%

JSON
Related for 801282.PRM
nessus36openvas63ubuntu3suse6oraclelinux2freebsd1veracode17redhat2securityvulns1centos2debian3osv3mozilla7nvd11ubuntucve11cve8cvelist10prion13