CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
85.7%
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR
10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict
setting the home page through the dragging of a URL to the home button,
which allows user-assisted remote attackers to execute arbitrary JavaScript
code with chrome privileges via a javascript: URL that is later interpreted
in the about:sessionrestore context.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 11.0+build1-0ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 11.0+build1-0ubuntu0.10.10.2 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 11.0+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 11.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 11.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | xulrunner-1.9.2 | < 1.9.2.28+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | xulrunner-1.9.2 | < 1.9.2.28+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2012-0458
nvd.nist.gov/vuln/detail/CVE-2012-0458
security-tracker.debian.org/tracker/CVE-2012-0458
ubuntu.com/security/notices/USN-1400-1
ubuntu.com/security/notices/USN-1400-3
ubuntu.com/security/notices/USN-1401-1
ubuntu.com/security/notices/USN-1401-2
www.cve.org/CVERecord?id=CVE-2012-0458