CVE-2012-1963Mozilla Seamonkey vulnerability

CWE-2647 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.5%
top 18.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
NVDmozilla/thunderbird_esr6 versions+5
NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

2
GHSA
GHSA-49qg-xp6c-mm46: The Content Security Policy (CSP) functionality in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1963: The Content Security Policy (CSP) functionality in Mozilla Firefox 42012-07-18

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-07-17
Red Hat
Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)2012-07-17
Ubuntu
Thunderbird vulnerabilities2012-07-17

💬Community

1
Bugzilla
CVE-2012-1963 Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)2012-07-14
CVE-2012-1963 — Mozilla Seamonkey vulnerability | cvebase