CVE-2012-5354
First published: Wed Oct 10 2012(Updated: )
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <16.0 | |
| Mozilla SeaMonkey | <2.13 | |
| Thunderbird | <16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5354?
CVE-2012-5354 is classified as a high severity vulnerability due to the potential for clickjacking attacks.
How do I fix CVE-2012-5354?
To fix CVE-2012-5354, update Mozilla Firefox, Thunderbird, or SeaMonkey to their respective versions 16.0 or higher and 2.13 or higher.
What software is affected by CVE-2012-5354?
CVE-2012-5354 affects Mozilla Firefox versions before 16.0, Thunderbird versions before 16.0, and SeaMonkey versions before 2.13.
What type of attacks can CVE-2012-5354 facilitate?
CVE-2012-5354 can facilitate clickjacking attacks, allowing remote attackers to manipulate user interactions with web elements.
Is there a workaround for CVE-2012-5354?
There are no specific workarounds for CVE-2012-5354; upgrading to the latest software versions is the recommended approach.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- canonical/mozilla seamonkey
- canonical/thunderbird