CVE-2012-1964 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-1964 PUBLISHED CVSS 4 MEDIUM

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.

EPSS 0.90% · 75.5th percentile

Risk Scores

CVSS v2.0

4

EPSS Score

0.90%

75.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mozilla	firefox	4.0, 4.0, 4.0
mozilla	thunderbird	5.0, 6.0, 6.0.1
mozilla	thunderbird_esr	10.0, 10.0.1, 10.0.2
mozilla	seamonkey	0, 1.0, 1.0

Timeline

Jul 18, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

49977 third-party-advisory
49992 third-party-advisory
54581 vdb
RHSA-2012:1088 vendor-advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=633691 url
USN-1509-2 vendor-advisory
49979 third-party-advisory
SUSE-SU-2012:0895 vendor-advisory
49965 third-party-advisory
SUSE-SU-2012:0896 vendor-advisory
49994 third-party-advisory
openSUSE-SU-2012:0899 vendor-advisory
USN-1509-1 vendor-advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html url
49993 third-party-advisory
84011 vdb
49972 third-party-advisory
oval:org.mitre.oval:def:16783 vdb
https://nvd.nist.gov/vuln/detail/CVE-2012-1964 advisory

Open in Interactive Console →