CVE-2012-1945

Impact:
Moderate
Public Date:
2012-06-05
Bugzilla:
827831: CVE-2012-1945 Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

Find out more about CVE-2012-1945 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (thunderbird) RHSA-2012:0715 2012-06-06
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2012:0715 2012-06-06
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2012:0715 2012-06-06
Red Hat Enterprise Linux 5 (firefox) RHSA-2012:0710 2012-06-05
Red Hat Enterprise Linux 6 (firefox) RHSA-2012:0710 2012-06-05

Acknowledgements

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Paul Stone as the original reporter.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.