CVE-2012-3984 - Vulnerability Details

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Mozilla	Firefox Seamonkey Thunderbird
Suse	Linux Enterprise Desktop Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

Configuration 3 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::-:::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50984
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
http://www.ubuntu.com/usn/USN-1611-1
https://bugzilla.mozilla.org/show_bug.cgi?id=575294
https://nvd.nist.gov/vuln/detail/CVE-2012-3984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16184
https://www.cve.org/CVERecord?id=CVE-2012-3984

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-10T17:00:00

Updated: 2024-08-06T20:21:04.074Z

Reserved: 2012-07-11T00:00:00

Link: CVE-2012-3984

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-10T17:55:01.567

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3984

Redhat

Severity : Critical

Publid Date: 2012-10-09T00:00:00Z

Links: CVE-2012-3984 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object