CVE-2012-1963

CVE Details

Release Date:2012-07-18
Impact:None What is this?

Description


The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.

See more information about CVE-2012-1963 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v2 metrics

Base Score: 4.3
Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
Version: 2.0
Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 5 (firefox)ELSA-2012-10882012-07-17
Oracle Linux version 5 (xulrunner)ELSA-2012-10882012-07-17
Oracle Linux version 6 (firefox)ELSA-2012-10882012-07-17
Oracle Linux version 6 (thunderbird)ELSA-2012-10892012-07-17
Oracle Linux version 6 (xulrunner)ELSA-2012-10882012-07-17


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete