The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:H/Au:N/C:C/I:C/A:C
Vendors | Products |
---|---|
Mozilla |
|
Configuration 1 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-08-29T10:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2012-07-11T00:00:00
Link: CVE-2012-3973
JSON object: View
NVD Information
Status : Modified
Published: 2012-08-29T10:56:41.037
Modified: 2017-09-19T01:35:13.730
Link: CVE-2012-3973
JSON object: View
Redhat Information
No data.
CWE