- Home
- CVEs with nessus.description==Benoit+Jacob%2C+Jesse+Ruderman%2C+Christian+Holler%2C+Bill+McCloskey%2C+Brian+Smith%2C+Gary+Kwong%2C+Christoph+Diehl%2C+Chris+Jones%2C+Brad+Lassey%2C+and+Kyle+Huey+discovered+memory+safety+issues+affecting+Firefox.+If+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+these+to+cause+a+denial+of+service+via+application+crash%2C+or+potentially+execute+code+with+the+privileges+of+the+user+invoking+Firefox.+%28CVE-2012-1948%2C+CVE-2012-1949%29%0A%0AMario+Gomes+discovered+that+the+address+bar+may+be+incorrectly+updated.+Drag-and-drop+events+in+the+address+bar+may+cause+the+address+of+the+previous+site+to+be+displayed+while+a+new+page+is+loaded.+An+attacker+could+exploit+this+to+conduct+phishing+attacks.%0A%28CVE-2012-1950%29%0A%0AAbhishek+Arya+discovered+four+memory+safety+issues+affecting+Firefox.%0AIf+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+these+to+cause+a+denial+of+service+via+application+crash%2C+or+potentially+execute+code+with+the+privileges+of+the+user+invoking+Firefox.+%28CVE-2012-1951%2C+CVE-2012-1952%2C+CVE-2012-1953%2C+CVE-2012-1954%29%0A%0AMariusz+Mlynski+discovered+that+the+address+bar+may+be+incorrectly+updated.+Calls+to+history.forward+and+history.back+could+be+used+to+navigate+to+a+site+while+the+address+bar+still+displayed+the+previous+site.+A+remote+attacker+could+exploit+this+to+conduct+phishing+attacks.+%28CVE-2012-1955%29%0A%0AMario+Heiderich+discovered+that+HTML+%3Cembed%3E+tags+were+not+filtered+out+of+the+HTML+%3Cdescription%3E+of+RSS+feeds.+A+remote+attacker+could+exploit+this+to+conduct+cross-site+scripting+%28XSS%29+attacks+via+JavaScript+execution+in+the+HTML+feed+view.+%28CVE-2012-1957%29%0A%0AArthur+Gerkis+discovered+a+use-after-free+vulnerability.+If+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+this+to+cause+a+denial+of+service+via+application+crash%2C+or+potentially+execute+code+with+the+privileges+of+the+user+invoking+Firefox.+%28CVE-2012-1958%29%0A%0ABobby+Holley+discovered+that+same-compartment+security+wrappers+%28SCSW%29+could+be+bypassed+to+allow+XBL+access.+If+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+this+to+execute+code+with+the+privileges+of+the+user+invoking+Firefox.%0A%28CVE-2012-1959%29%0A%0ATony+Payne+discovered+an+out-of-bounds+memory+read+in+Mozilla%27s+color+management+library+%28QCMS%29.+If+the+user+were+tricked+into+opening+a+specially+crafted+color+profile%2C+an+attacker+could+possibly+exploit+this+to+cause+a+denial+of+service+via+application+crash.%0A%28CVE-2012-1960%29%0A%0AFrederic+Buclin+discovered+that+the+X-Frame-Options+header+was+ignored+when+its+value+was+specified+multiple+times.+An+attacker+could+exploit+this+to+conduct+clickjacking+attacks.+%28CVE-2012-1961%29%0A%0ABill+Keese+discovered+a+memory+corruption+vulnerability.+If+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+this+to+cause+a+denial+of+service+via+application+crash%2C+or+potentially+execute+code+with+the+privileges+of+the+user+invoking+Firefox.+%28CVE-2012-1962%29%0A%0AKarthikeyan+Bhargavan+discovered+an+information+leakage+vulnerability+in+the+Content+Security+Policy+%28CSP%29+1.0+implementation.+If+the+user+were+tricked+into+opening+a+specially+crafted+page%2C+an+attacker+could+possibly+exploit+this+to+access+a+user%27s+OAuth+2.0+access+tokens+and+OpenID+credentials.+%28CVE-2012-1963%29%0A%0AMatt+McCutchen+discovered+a+clickjacking+vulnerability+in+the+certificate+warning+page.+A+remote+attacker+could+trick+a+user+into+accepting+a+malicious+certificate+via+a+crafted+certificate+warning+page.+%28CVE-2012-1964%29%0A%0AMario+Gomes+and+Soroush+Dalili+discovered+that+JavaScript+was+not+filtered+out+of+feed+URLs.+If+the+user+were+tricked+into+opening+a+specially+crafted+URL%2C+an+attacker+could+possibly+exploit+this+to+conduct+cross-site+scripting+%28XSS%29+attacks.+%28CVE-2012-1965%29%0A%0AA+vulnerability+was+discovered+in+the+context+menu+of+data%3A+URLs.+If+the+user+were+tricked+into+opening+a+specially+crafted+URL%2C+an+attacker+could+possibly+exploit+this+to+conduct+cross-site+scripting+%28XSS%29+attacks.+%28CVE-2012-1966%29%0A%0AIt+was+discovered+that+the+execution+of+javascript%3A+URLs+was+not+properly+handled+in+some+cases.+A+remote+attacker+could+exploit+this+to+execute+code+with+the+privileges+of+the+user+invoking+Firefox.%0A%28CVE-2012-1967%29.%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+Ubuntu+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top