CVE-2012-3973 — Mozilla Firefox vulnerability

CWE-2646 documents5 sources

Severity

7.6HIGHNVD

EPSS

3.0%

top 13.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedAug 29

Latest updateMay 17

Description

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox14.0+130

🔴Vulnerability Details

GHSA

GHSA-rrwm-vm8h-54hm: The debugger in the developer-tools subsystem in Mozilla Firefox before 15↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2012-09-11

▶

Ubuntu

Firefox vulnerabilities↗2012-08-29

▶

Red Hat

Mozilla: HTTPMonitor extension allows for remote debugging without explicit activation (MFSA 2012-66)↗2012-08-28

▶

💬Community

Bugzilla

CVE-2012-3973 Mozilla: HTTPMonitor extension allows for remote debugging without explicit activation (MFSA 2012-66)↗2012-08-27

▶