CVE-2012-0460 Information

Feb 14, 2021 cve

Description

Mozilla Firefox 4.x through 10.0 Firefox ESR 10.x before 10.0.3 Thunderbird 5.0 through 10.0 Thunderbird ESR 10.x before 10.0.3 and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object which allows remote attackers to spoof the user interface via a crafted web page.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/advisories/48629 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 http://www.mozilla.org/security/announce/2012/mfsa2012-18.html http://www.securitytracker.com/id?1026801 http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026804 http://www.ubuntu.com/usn/USN-1400-1 http://www.ubuntu.com/usn/USN-1400-2 http://www.ubuntu.com/usn/USN-1400-3 http://www.ubuntu.com/usn/USN-1400-4 http://www.ubuntu.com/usn/USN-1400-5 https://bugzilla.mozilla.org/show_bug.cgi?id=727303 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15114

Share on: