Lucene search

K

[email protected]NVD:CVE-2012-3976

HistoryAug 29, 2012 - 10:56 a.m.

CVE-2012-3976

2012-08-2910:56:41

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

Affected configurations

NVD

Node

mozillafirefoxRange<15.0

OR

mozillafirefox_esrRange10.0–10.0.7

OR

mozillaseamonkeyRange<2.12

Node

opensuseopensuseMatch12.2

OR

suselinux_enterprise_desktopMatch10sp4-

OR

suselinux_enterprise_desktopMatch11sp2

OR

suselinux_enterprise_serverMatch10sp4-

OR

suselinux_enterprise_serverMatch11sp2-

OR

suselinux_enterprise_serverMatch11sp2vmware

OR

suselinux_enterprise_software_development_kitMatch11sp2

Node

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_eusMatch6.3

OR

redhatenterprise_linux_serverMatch5.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_eusMatch6.3

OR

redhatenterprise_linux_workstationMatch5.0

OR

redhatenterprise_linux_workstationMatch6.0

Node

canonicalubuntu_linuxMatch10.04

OR

canonicalubuntu_linuxMatch11.04

OR

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04esm

References

lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html

rhn.redhat.com/errata/RHSA-2012-1210.html

www.mozilla.org/security/announce/2012/mfsa2012-69.html

www.securityfocus.com/bid/55313

www.ubuntu.com/usn/USN-1548-1

www.ubuntu.com/usn/USN-1548-2

www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

bugzilla.mozilla.org/show_bug.cgi?id=768568

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16060

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

Related for NVD:CVE-2012-3976

ubuntucve1 mozilla1 cvelist1 openvas22 prion1 cve1 nessus23 centos1 veracode19 redhat1 oraclelinux1 suse4 ubuntu2 securityvulns1 freebsd1 ibm2 gentoo1