CVE-2012-0460 — Mozilla Seamonkey vulnerability

CWE-26410 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

1.8%

top 17.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Firefox ESR +2 more

Timeline

PublishedMar 14

Latest updateMay 4

Description

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages5 packages

▶NVDmozilla/firefox14 versions+13

▶NVDmozilla/firefox_esr10.1, 10.2+1

▶NVDmozilla/thunderbird9 versions+8

▶NVDmozilla/thunderbird_esr10.0, 10.0.1, 10.0.2+2

▶NVDmozilla/seamonkey2.7+60

🔴Vulnerability Details

GHSA

GHSA-ggm6-wpfc-7p7c: Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0460: Mozilla Firefox 4↗2012-03-14

▶

📋Vendor Advisories

Ubuntu

GSettings desktop schemas regression↗2012-04-20

▶

Ubuntu

Thunderbird regressions↗2012-04-03

▶

Ubuntu

Thunderbird vulnerabilities↗2012-03-21

▶

Ubuntu

ubufox update↗2012-03-16

▶

Ubuntu

Firefox vulnerabilities↗2012-03-16

▶

💬Community

Bugzilla

CVE-2012-0460 Mozilla: window.fullScreen writeable by untrusted content (MFSA 2012-18)↗2012-03-14

▶