CVE-2012-5354 — Mozilla Firefox vulnerability

5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.9%

top 24.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedOct 10

Latest updateMay 13

Description

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox< 16.0

▶NVDmozilla/seamonkey< 2.13

▶NVDmozilla/thunderbird< 16.0

🔴Vulnerability Details

GHSA

GHSA-crp5-x6hq-7qw3: Mozilla Firefox before 16↗2022-05-13

▶

CVEList

CVE-2012-5354: Mozilla Firefox before 16↗2012-10-10

▶

📋Vendor Advisories

Red Hat

Mozilla: Select element persistance allows for attacks (MFSA 2012-75)↗2012-10-09

▶

💬Community

Bugzilla

CVE-2012-3984 CVE-2012-5354 Mozilla: Select element persistance allows for attacks (MFSA 2012-75)↗2012-10-06

▶