Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:N/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Mozilla |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-02-01T16:00:00
Updated: 2024-08-06T18:23:31.045Z
Reserved: 2012-01-09T00:00:00
Link: CVE-2012-0445
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-02-01T16:55:01.053
Modified: 2017-09-19T01:34:32.790
Link: CVE-2012-0445
Redhat
No data.