Home > Vulnerability Database > CVE-2012-5354

Mend.io Vulnerability Database

CVE-2012-5354

Date: October 10, 2012

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.

Severity Score

6.1

Related Resources (9)

Url: http://secunia.com/advisories/50856

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-75.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=726264

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-5354

Url: http://secunia.com/advisories/50935

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16972

Url: http://osvdb.org/86171

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5354

Url: https://www.mend.io/vulnerability-database/CVE-2012-5354

Severity Score

6.1

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-5354

Date: October 10, 2012

Severity Score

Related Resources (9)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?