Vulnerability Details : CVE-2012-3986
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
Vulnerability category: Input validation
Threat overview for CVE-2012-3986
Top countries where our scanners detected CVE-2012-3986
Top open port discovered on systems with this issue
8200
IPs affected by CVE-2012-3986 341
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-3986!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-3986
Probability of exploitation activity in the next 30 days: 0.61%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-3986
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3986
-
http://www.debian.org/security/2012/dsa-2569
Debian -- Security Information -- DSA-2569-1 icedoveThird Party Advisory
-
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
Some DOMWindowUtils methods bypass security checks — MozillaVendor Advisory
-
http://www.ubuntu.com/usn/USN-1611-1
USN-1611-1: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163
mandriva.comThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834
Repository / Oval RepositoryThird Party Advisory
-
http://www.debian.org/security/2012/dsa-2565
Debian -- Security Information -- DSA-2565-1 iceweaselThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=775868
775868 - (CVE-2012-3986) several nsDOMWindowUtils methods available to untrusted codeIssue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
[security-announce] SUSE-SU-2012:1351-1: important: Security update forMailing List;Third Party Advisory
-
http://www.debian.org/security/2012/dsa-2572
Debian -- Security Information -- DSA-2572-1 iceapeThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-1351.html
RHSA-2012:1351 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/55922
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3986 Multiple Security Bypass VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2012-3986
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*