PT-2012-3675 · Mozilla+5 · Thunderbird+9

Paul Stone

Published

2012-06-05

Updated

2024-12-12

CVE-2012-1945

CVSS v2.0

2.9

Low

Vector

AV:A/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 12.0 Firefox ESR versions 10.x before 10.0.5 Thunderbird versions 5.0 through 12.0 Thunderbird ESR versions 10.x before 10.0.5 SeaMonkey versions prior to 2.10

Description The issue allows local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element. This can be demonstrated by a network share implemented by Microsoft Windows or Samba.

Recommendations For Mozilla Firefox versions 4.x through 12.0, update to a version later than 12.0. For Firefox ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For Thunderbird versions 5.0 through 12.0, update to a version later than 12.0. For Thunderbird ESR versions 10.x before 10.0.5, update to version 10.0.5 or later. For SeaMonkey versions prior to 2.10, update to version 2.10 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CESA-2012_0710

CESA-2012_0715

CVE-2012-1945

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

RHSA-2012:0710

RHSA-2012:0715

RHSA-2012_0710

RHSA-2012_0715

Affected Products

Centos

Firefox Esr

Windows

Firefox

Red Hat

Samba

Seamonkey

Suse

Thunderbird

Thunderbird Esr

PT-2012-3675 · Mozilla+5 · Thunderbird+9

CVE-2012-1945

Weakness Enumeration

Related Identifiers

Affected Products

References · 3120