CVE-2012-3976 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 26.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +9 more

Timeline

PublishedAug 29

Latest updateMay 13

Description

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages9 packages

▶NVDmozilla/firefox10.0 — 10.0.7+1

▶NVDmozilla/seamonkey< 2.12

▶NVDopensuse/opensuse12.2

▶NVDsuse/linux_enterprise_server10, 11+1

▶NVDsuse/linux_enterprise_desktop10, 11+1

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.3

🔴Vulnerability Details

GHSA

GHSA-42j4-67r4-889f: Mozilla Firefox before 15↗2022-05-13

▶

CVEList

CVE-2012-3976: Mozilla Firefox before 15↗2012-08-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2012-08-29

▶

Red Hat

Mozilla: Incorrect site SSL certificate data display (MFSA 2012-69)↗2012-08-28

▶

💬Community

Bugzilla

CVE-2012-3976 Mozilla: Incorrect site SSL certificate data display (MFSA 2012-69)↗2012-08-27

▶