CVE-2012-0458
CVE-2012-0458 is a vulnerability of currently unknown severity. Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. EPSS estimates a 2.79% chance of exploitation in the next 30 days.
Description
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.6.27 |
| Mozilla | Firefox | > 4.0, <= 10.0 |
| Mozilla | Firefox | 10.0 |
| Mozilla | Firefox | 10.0.1 |
| Mozilla | Firefox | 10.0.2 |
| Mozilla | Thunderbird | >= 1.0, <= 3.1.19 |
| Mozilla | Thunderbird | > 5.0, <= 10.0 |
| Mozilla | Thunderbird ESR | 10.0 |
| Mozilla | Thunderbird ESR | 10.0.1 |
| Mozilla | Thunderbird ESR | 10.0.2 |
| Mozilla | SeaMonkey | All versions |
| Mozilla | SeaMonkey | 1.0 |
| Mozilla | SeaMonkey | 1.0.1 |
| Mozilla | SeaMonkey | 1.0.2 |
| Mozilla | SeaMonkey | 1.0.3 |
| Mozilla | SeaMonkey | 1.0.4 |
| Mozilla | SeaMonkey | 1.0.5 |
| Mozilla | SeaMonkey | 1.0.6 |
| Mozilla | SeaMonkey | 1.0.7 |
| Mozilla | SeaMonkey | 1.0.8 |
| Mozilla | SeaMonkey | 1.0.9 |
| Mozilla | SeaMonkey | 1.1 |
| Mozilla | SeaMonkey | 1.1.1 |
| Mozilla | SeaMonkey | 1.1.2 |
| Mozilla | SeaMonkey | 1.1.3 |
| Mozilla | SeaMonkey | 1.1.4 |
| Mozilla | SeaMonkey | 1.1.5 |
| Mozilla | SeaMonkey | 1.1.6 |
| Mozilla | SeaMonkey | 1.1.7 |
| Mozilla | SeaMonkey | 1.1.8 |
| Mozilla | SeaMonkey | 1.1.9 |
| Mozilla | SeaMonkey | 1.1.10 |
| Mozilla | SeaMonkey | 1.1.11 |
| Mozilla | SeaMonkey | 1.1.12 |
| Mozilla | SeaMonkey | 1.1.13 |
| Mozilla | SeaMonkey | 1.1.14 |
| Mozilla | SeaMonkey | 1.1.15 |
| Mozilla | SeaMonkey | 1.1.16 |
| Mozilla | SeaMonkey | 1.1.17 |
| Mozilla | SeaMonkey | 1.1.18 |
| Mozilla | SeaMonkey | 1.1.19 |
| Mozilla | SeaMonkey | 1.5.0.8 |
| Mozilla | SeaMonkey | 1.5.0.9 |
| Mozilla | SeaMonkey | 1.5.0.10 |
| Mozilla | SeaMonkey | 2.0 |
| Mozilla | SeaMonkey | 2.0.1 |
| Mozilla | SeaMonkey | 2.0.2 |
| Mozilla | SeaMonkey | 2.0.3 |
| Mozilla | SeaMonkey | 2.0.4 |
| Mozilla | SeaMonkey | 2.0.5 |
Showing 50 of 73 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html (Third Party Advisory)
- http://secunia.com/advisories/48495 (Third Party Advisory)
- http://secunia.com/advisories/48496 (Third Party Advisory)
- http://secunia.com/advisories/48513 (Third Party Advisory)
- http://secunia.com/advisories/48553 (Third Party Advisory)
- http://secunia.com/advisories/48561 (Third Party Advisory)
- http://secunia.com/advisories/48624 (Third Party Advisory)
- http://secunia.com/advisories/48629 (Third Party Advisory)
- http://secunia.com/advisories/48823 (Third Party Advisory)
- http://secunia.com/advisories/48920 (Third Party Advisory)
- http://www.debian.org/security/2012/dsa-2433 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1400-2 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1400-3 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1400-4 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1400-5 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1401-1 (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=718203 (Exploit, Issue Tracking, Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=719994 (Issue Tracking, Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=723808 (Issue Tracking, Patch, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
