Bug 863616 (CVE-2012-3984, CVE-2012-5354)
Summary: | CVE-2012-3984 CVE-2012-5354 Mozilla: Select element persistance allows for attacks (MFSA 2012-75) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-10-06 04:42:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 852611 |
Description
Huzaifa S. Sidhpurwala
2012-10-06 04:41:14 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5354 to the following vulnerability: Name: CVE-2012-5354 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5354 Assigned: 20121010 Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-75.html Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=726264 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. (This is a new one that MITRE assigned) Statement: Not vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6. |