CVE-2012-1967 - Spangled Moves

Description

Mozilla Firefox 4.x through 13.0 Firefox ESR 10.x before 10.0.6 Thunderbird 5.0 through 13.0 Thunderbird ESR 10.x before 10.0.6 and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=758344 http://www.mozilla.org/security/announce/2012/mfsa2012-56.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-1088.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://www.debian.org/security/2012/dsa-2528 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://www.debian.org/security/2012/dsa-2514 http://www.securitytracker.com/id?1027256 http://www.ubuntu.com/usn/USN-1509-2 http://secunia.com/advisories/49965 http://secunia.com/advisories/49972 http://www.ubuntu.com/usn/USN-1509-1 http://secunia.com/advisories/49992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025 http://www.ubuntu.com/usn/USN-1510-1 http://www.securitytracker.com/id?1027258 http://www.securitytracker.com/id?1027257 http://www.securityfocus.com/bid/54573 http://secunia.com/advisories/49994 http://secunia.com/advisories/49993 http://secunia.com/advisories/49979 http://secunia.com/advisories/49977 http://secunia.com/advisories/49968 http://secunia.com/advisories/49964 http://secunia.com/advisories/49963 http://osvdb.org/84013