QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3976

Published: Aug 29, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.mozilla.org/security/announce/2012/mfsa2012-69.html

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=768568

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

SUSE-SU-2012:1167

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

SUSE-SU-2012:1157

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2012:1065

vendor-advisory

x_refsource_SUSE

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

x_refsource_CONFIRM

oval:org.mitre.oval:def:16060

vdb-entry

signature

x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.