
mozilla: multiple vulnerabilities

Package(s): firefox, thunderbird, seamonkey
CVE #(s): CVE-2012-3983 CVE-2012-3989 CVE-2012-3984 CVE-2012-3985
Created: October 10, 2012
Updated: October 17, 2012
Description: From the Ubuntu advisory:

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989)

David Bloom and Jordi Chancel discovered that Firefox did not always properly handle the <select> element. A remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984)

Collin Jackson discovered that Firefox did not properly follow the HTML5 specification for document.domain behavior. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution. (CVE-2012-3985)

Johnny Stenback discovered that Firefox did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986)

Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991)

Mariusz Mlynski discovered a history state error in Firefox. A remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992)

Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184)

Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Firefox when using the Address Sanitizer tool. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0353 iceape 2012-12-07
SUSE SUSE-SU-2012:1351-1 Mozilla Firefox 2012-10-16
openSUSE openSUSE-SU-2012:1345-1 MozillaFirefox 2012-10-15
Ubuntu USN-1611-1 thunderbird 2012-10-12
Ubuntu USN-1600-1 firefox 2012-10-09
