CVE-2012-1955

Current Description

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.

Basic Data

PublishedJuly 18, 2012
Last ModifiedDecember 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMozillaFirefox4.0*******
    2.3ApplicationMozillaFirefox4.0beta1******
    2.3ApplicationMozillaFirefox4.0beta10******
    2.3ApplicationMozillaFirefox4.0beta11******
    2.3ApplicationMozillaFirefox4.0beta12******
    2.3ApplicationMozillaFirefox4.0beta2******
    2.3ApplicationMozillaFirefox4.0beta3******
    2.3ApplicationMozillaFirefox4.0beta4******
    2.3ApplicationMozillaFirefox4.0beta5******
    2.3ApplicationMozillaFirefox4.0beta6******
    2.3ApplicationMozillaFirefox4.0beta7******
    2.3ApplicationMozillaFirefox4.0beta8******
    2.3ApplicationMozillaFirefox4.0beta9******
    2.3ApplicationMozillaFirefox4.0.1*******
    2.3ApplicationMozillaFirefox5.0*******
    2.3ApplicationMozillaFirefox5.0.1*******
    2.3ApplicationMozillaFirefox6.0*******
    2.3ApplicationMozillaFirefox6.0.1*******
    2.3ApplicationMozillaFirefox6.0.2*******
    2.3ApplicationMozillaFirefox7.0*******
    2.3ApplicationMozillaFirefox7.0.1*******
    2.3ApplicationMozillaFirefox8.0*******
    2.3ApplicationMozillaFirefox8.0.1*******
    2.3ApplicationMozillaFirefox9.0*******
    2.3ApplicationMozillaFirefox9.0.1*******
    2.3ApplicationMozillaFirefox11.0*******
    2.3ApplicationMozillaFirefox12.0*******
    2.3ApplicationMozillaFirefox12.0beta6******
    2.3ApplicationMozillaFirefox13.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMozillaFirefox Esr10.0*******
    2.3ApplicationMozillaFirefox Esr10.0.1*******
    2.3ApplicationMozillaFirefox Esr10.0.2*******
    2.3ApplicationMozillaFirefox Esr10.0.3*******
    2.3ApplicationMozillaFirefox Esr10.0.4*******
    2.3ApplicationMozillaFirefox Esr10.0.5*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMozillaThunderbird5.0*******
    2.3ApplicationMozillaThunderbird6.0*******
    2.3ApplicationMozillaThunderbird6.0.1*******
    2.3ApplicationMozillaThunderbird6.0.2*******
    2.3ApplicationMozillaThunderbird7.0*******
    2.3ApplicationMozillaThunderbird7.0.1*******
    2.3ApplicationMozillaThunderbird8.0*******
    2.3ApplicationMozillaThunderbird9.0*******
    2.3ApplicationMozillaThunderbird9.0.1*******
    2.3ApplicationMozillaThunderbird10.0*******
    2.3ApplicationMozillaThunderbird10.0.1*******
    2.3ApplicationMozillaThunderbird10.0.2*******
    2.3ApplicationMozillaThunderbird10.0.3*******
    2.3ApplicationMozillaThunderbird10.0.4*******
    2.3ApplicationMozillaThunderbird11.0*******
    2.3ApplicationMozillaThunderbird12.0*******
    2.3ApplicationMozillaThunderbird13.0*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMozillaThunderbird Esr10.0*******
    2.3ApplicationMozillaThunderbird Esr10.0.1*******
    2.3ApplicationMozillaThunderbird Esr10.0.2*******
    2.3ApplicationMozillaThunderbird Esr10.0.3*******
    2.3ApplicationMozillaThunderbird Esr10.0.4*******
    2.3ApplicationMozillaThunderbird Esr10.0.5*******
  • OR - Configuration 5
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMozillaSeamonkey1.0*******
    2.3ApplicationMozillaSeamonkey1.0alpha******
    2.3ApplicationMozillaSeamonkey1.0beta******
    2.3ApplicationMozillaSeamonkey1.0.1*******
    2.3ApplicationMozillaSeamonkey1.0.2*******
    2.3ApplicationMozillaSeamonkey1.0.3*******
    2.3ApplicationMozillaSeamonkey1.0.4*******
    2.3ApplicationMozillaSeamonkey1.0.5*******
    2.3ApplicationMozillaSeamonkey1.0.6*******
    2.3ApplicationMozillaSeamonkey1.0.7*******
    2.3ApplicationMozillaSeamonkey1.0.8*******
    2.3ApplicationMozillaSeamonkey1.0.9*******
    2.3ApplicationMozillaSeamonkey1.1*******
    2.3ApplicationMozillaSeamonkey1.1alpha******
    2.3ApplicationMozillaSeamonkey1.1beta******
    2.3ApplicationMozillaSeamonkey1.1.1*******
    2.3ApplicationMozillaSeamonkey1.1.2*******
    2.3ApplicationMozillaSeamonkey1.1.3*******
    2.3ApplicationMozillaSeamonkey1.1.4*******
    2.3ApplicationMozillaSeamonkey1.1.5*******
    2.3ApplicationMozillaSeamonkey1.1.6*******
    2.3ApplicationMozillaSeamonkey1.1.7*******
    2.3ApplicationMozillaSeamonkey1.1.8*******
    2.3ApplicationMozillaSeamonkey1.1.9*******
    2.3ApplicationMozillaSeamonkey1.1.10*******
    2.3ApplicationMozillaSeamonkey1.1.11*******
    2.3ApplicationMozillaSeamonkey1.1.12*******
    2.3ApplicationMozillaSeamonkey1.1.13*******
    2.3ApplicationMozillaSeamonkey1.1.14*******
    2.3ApplicationMozillaSeamonkey1.1.15*******
    2.3ApplicationMozillaSeamonkey1.1.16*******
    2.3ApplicationMozillaSeamonkey1.1.17*******
    2.3ApplicationMozillaSeamonkey1.1.18*******
    2.3ApplicationMozillaSeamonkey1.1.19*******
    2.3ApplicationMozillaSeamonkey1.5.0.8*******
    2.3ApplicationMozillaSeamonkey1.5.0.9*******
    2.3ApplicationMozillaSeamonkey1.5.0.10*******
    2.3ApplicationMozillaSeamonkey2.0*******
    2.3ApplicationMozillaSeamonkey2.0alpha_1******
    2.3ApplicationMozillaSeamonkey2.0alpha_2******
    2.3ApplicationMozillaSeamonkey2.0alpha_3******
    2.3ApplicationMozillaSeamonkey2.0beta_1******
    2.3ApplicationMozillaSeamonkey2.0beta_2******
    2.3ApplicationMozillaSeamonkey2.0rc1******
    2.3ApplicationMozillaSeamonkey2.0rc2******
    2.3ApplicationMozillaSeamonkey2.0.1*******
    2.3ApplicationMozillaSeamonkey2.0.2*******
    2.3ApplicationMozillaSeamonkey2.0.3*******
    2.3ApplicationMozillaSeamonkey2.0.4*******
    2.3ApplicationMozillaSeamonkey2.0.5*******
    2.3ApplicationMozillaSeamonkey2.0.6*******
    2.3ApplicationMozillaSeamonkey2.0.7*******
    2.3ApplicationMozillaSeamonkey2.0.8*******
    2.3ApplicationMozillaSeamonkey2.0.9*******
    2.3ApplicationMozillaSeamonkey2.0.10*******
    2.3ApplicationMozillaSeamonkey2.0.11*******
    2.3ApplicationMozillaSeamonkey2.0.12*******
    2.3ApplicationMozillaSeamonkey2.0.13*******
    2.3ApplicationMozillaSeamonkey2.0.14*******
    2.3ApplicationMozillaSeamonkey2.1*******
    2.3ApplicationMozillaSeamonkey2.1alpha1******
    2.3ApplicationMozillaSeamonkey2.1alpha2******
    2.3ApplicationMozillaSeamonkey2.1alpha3******
    2.3ApplicationMozillaSeamonkey2.1beta1******
    2.3ApplicationMozillaSeamonkey2.1beta2******
    2.3ApplicationMozillaSeamonkey2.1beta3******
    2.3ApplicationMozillaSeamonkey2.1rc1******
    2.3ApplicationMozillaSeamonkey2.1rc2******
    2.3ApplicationMozillaSeamonkey********2.10

Vulnerable Software List

VendorProductVersions
Mozilla Firefox 11.0, 12.0, 13.0, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1
Mozilla Thunderbird 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 11.0, 12.0, 13.0, 5.0, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 9.0, 9.0.1
Mozilla Seamonkey *, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1, 1.1.1, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.5.0.10, 1.5.0.8, 1.5.0.9, 2.0, 2.0.1, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1
Mozilla Firefox Esr 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5
Mozilla Thunderbird Esr 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5

References

NameSourceURLTags
SUSE-SU-2012:0895http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.htmlSUSE
SUSE-SU-2012:0896http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.htmlSUSE
openSUSE-SU-2012:0899http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.htmlSUSE
openSUSE-SU-2012:0917http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.htmlSUSE
83996http://osvdb.org/83996OSVDB
RHSA-2012:1088http://rhn.redhat.com/errata/RHSA-2012-1088.htmlREDHAT
49965http://secunia.com/advisories/49965SECUNIA
49968http://secunia.com/advisories/49968SECUNIA
49972http://secunia.com/advisories/49972SECUNIA
49977http://secunia.com/advisories/49977SECUNIA
49979http://secunia.com/advisories/49979SECUNIA
49992http://secunia.com/advisories/49992SECUNIA
49993http://secunia.com/advisories/49993SECUNIA
49994http://secunia.com/advisories/49994SECUNIA
http://www.mozilla.org/security/announce/2012/mfsa2012-45.htmlhttp://www.mozilla.org/security/announce/2012/mfsa2012-45.htmlCONFIRMVendor Advisory
54586http://www.securityfocus.com/bid/54586BID
1027256http://www.securitytracker.com/id?1027256SECTRACK
1027257http://www.securitytracker.com/id?1027257SECTRACK
1027258http://www.securitytracker.com/id?1027258SECTRACK
USN-1509-1http://www.ubuntu.com/usn/USN-1509-1UBUNTU
USN-1509-2http://www.ubuntu.com/usn/USN-1509-2UBUNTU
USN-1510-1http://www.ubuntu.com/usn/USN-1510-1UBUNTU
https://bugzilla.mozilla.org/show_bug.cgi?id=757376https://bugzilla.mozilla.org/show_bug.cgi?id=757376CONFIRM
oval:org.mitre.oval:def:17004https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17004OVAL