CVE-2012-1964 — Vulnetix

CVE-2012-1964 PUBLISHED CVSS 4 MEDIUM

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.

EPSS 0.90% · 76.1th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.90%

76.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mozilla	firefox	4.0, 4.0, 4.0
mozilla	thunderbird	9.0, 6.0.2, 5.0
mozilla	thunderbird_esr	10.0.5, 10.0, 10.0.1
mozilla	seamonkey	1.1.7, 1.1.8, 1.1.9

Exploit Intelligence

49977 (circl)
49992 (circl)
54581 (circl)
RHSA-2012:1088 (circl)
https://bugzilla.mozilla.org/show_bug.cgi?id=633691 (circl)
USN-1509-2 (circl)
49979 (circl)
SUSE-SU-2012:0895 (circl)
49965 (circl)
SUSE-SU-2012:0896 (circl)

…and 8 more exploits

Timeline

Jul 18, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 14, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

49977 third-party-advisory
49992 third-party-advisory
54581 vdb
RHSA-2012:1088 vendor-advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=633691 url
USN-1509-2 vendor-advisory
49979 third-party-advisory
SUSE-SU-2012:0895 vendor-advisory
49965 third-party-advisory
SUSE-SU-2012:0896 vendor-advisory
49994 third-party-advisory
openSUSE-SU-2012:0899 vendor-advisory
USN-1509-1 vendor-advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html url
49993 third-party-advisory
84011 vdb
49972 third-party-advisory
oval:org.mitre.oval:def:16783 vdb
https://nvd.nist.gov/vuln/detail/CVE-2012-1964 advisory

Open in Interactive Console →