| Vulnerability Name: | CVE-2012-5354 (CCN-79474) | ||||||||||||
| Assigned: | 2012-10-09 | ||||||||||||
| Published: | 2012-10-09 | ||||||||||||
| Updated: | 2020-08-26 | ||||||||||||
| Summary: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-5354 Source: OSVDB Type: Broken Link 86171 Source: CCN Type: SA50856 Mozilla Firefox / Thunderbird Multiple Vulnerabilities Source: SECUNIA Type: Broken Link 50856 Source: CCN Type: SA50935 Mozilla SeaMonkey Multiple Vulnerabilities Source: SECUNIA Type: Broken Link 50935 Source: CCN Type: MFSA 2012-75 select element persistance allows for attacks Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2012/mfsa2012-75.html Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=726264 Source: XF Type: UNKNOWN mozilla-firefox-xpi-clickjacking(79474) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:16972 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||