Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3973

Опубликовано: 28 авг. 2012
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

Отчет

This issue does not affect the version of Firefox and Thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=851925Mozilla: HTTPMonitor extension allows for remote debugging without explicit activation (MFSA 2012-66)

EPSS

Процентиль: 86%
0.03046
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3973

ubuntu
больше 13 лет назад

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

nvd логотип

CVE-2012-3973

nvd
больше 13 лет назад

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

debian логотип

CVE-2012-3973

debian
больше 13 лет назад

The debugger in the developer-tools subsystem in Mozilla Firefox befor ...

github логотип

GHSA-rrwm-vm8h-54hm

github
больше 3 лет назад

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.

EPSS

Процентиль: 86%
0.03046
Низкий

6.8 Medium

CVSS2