General : Mozilla Firefox Security Advisory (MFSA2012-03)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.2.1.2012.03

Category: General

Title: Mozilla Firefox Security Advisory (MFSA2012-03) - Linux

Summary: This host is missing a security update for Mozilla Firefox.

Description: Summary:
This host is missing a security update for Mozilla Firefox.

Vulnerability Insight:
element exposed across domains via name attribute<br>Vitaly Nevgen reported that an attacker could replace a<br>sub-frame in another domain's document by using the name attribute of the<br>sub-frame as a form submission target. This can potentially allow for phishing<br>attacks against users and violates the HTML5 frame navigation policy.<br><br>Affected Software/OS:<br>Firefox version(s) below 10.<br><br>Solution:<br>The vendor has released an update. Please see the reference(s) for more information.<br><br>CVSS Score:<br>5.0<br><br>CVSS Vector:<br>AV:N/AC:L/Au:N/C:N/I:P/A:N<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2012-0445">Common Vulnerability Exposure (CVE) ID: CVE-2012-0445</a><br> <a href="http://www.securityfocus.com/bid/51765">BugTraq ID: 51765</a><br> <a href="http://www.securityfocus.com/bid/51765">http://www.securityfocus.com/bid/51765</a><br> <a href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:013">http://www.mandriva.com/security/advisories?name=MDVSA-2012:013</a><br> <a href="http://osvdb.org/78735">http://osvdb.org/78735</a><br> <a href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907">https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907</a><br> <a href="http://secunia.com/advisories/49055">http://secunia.com/advisories/49055</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2012:0234&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2012:0234 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html">http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html</a><br> <a href="http://www.iss.net/security_center/static/72835.php">XForce ISS Database: mozilla-iframeelement-security-bypass(72835)</a><br> <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72835">https://exchange.xforce.ibmcloud.com/vulnerabilities/72835</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2021 Greenbone Networks GmbH</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>

Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.03
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-03) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: element exposed across domains via name attribute<br>Vitaly Nevgen reported that an attacker could replace a<br>sub-frame in another domain's document by using the name attribute of the<br>sub-frame as a form submission target. This can potentially allow for phishing<br>attacks against users and violates the HTML5 frame navigation policy.<br><br>Affected Software/OS:<br>Firefox version(s) below 10.<br><br>Solution:<br>The vendor has released an update. Please see the reference(s) for more information.<br><br>CVSS Score:<br>5.0<br><br>CVSS Vector:<br>AV:N/AC:L/Au:N/C:N/I:P/A:N<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2012-0445">Common Vulnerability Exposure (CVE) ID: CVE-2012-0445</a><br> <a href="http://www.securityfocus.com/bid/51765">BugTraq ID: 51765</a><br> <a href="http://www.securityfocus.com/bid/51765">http://www.securityfocus.com/bid/51765</a><br> <a href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:013">http://www.mandriva.com/security/advisories?name=MDVSA-2012:013</a><br> <a href="http://osvdb.org/78735">http://osvdb.org/78735</a><br> <a href="https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907">https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907</a><br> <a href="http://secunia.com/advisories/49055">http://secunia.com/advisories/49055</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2012:0234&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2012:0234 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html">http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html</a><br> <a href="http://www.iss.net/security_center/static/72835.php">XForce ISS Database: mozilla-iframeelement-security-bypass(72835)</a><br> <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/72835">https://exchange.xforce.ibmcloud.com/vulnerabilities/72835</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2021 Greenbone Networks GmbH</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>