The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x up to and including 12.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0 up to and including 12.0, Thunderbird ESR 10.x prior to 10.0.6, and SeaMonkey prior to 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle malicious users to trick users into adding an unintended exception via an IFRAME element.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mozilla firefox 4.0.1 |
||
mozilla firefox 4.0 |
||
mozilla firefox 6.0.2 |
||
mozilla firefox 6.0.1 |
||
mozilla firefox 11.0 |
||
mozilla firefox 12.0 |
||
mozilla firefox 7.0.1 |
||
mozilla firefox 7.0 |
||
mozilla firefox 13.0 |
||
mozilla firefox 5.0 |
||
mozilla firefox 8.0 |
||
mozilla firefox 8.0.1 |
||
mozilla firefox 5.0.1 |
||
mozilla firefox 6.0 |
||
mozilla firefox 9.0.1 |
||
mozilla firefox 9.0 |
||
mozilla firefox esr 10.0 |
||
mozilla firefox esr 10.0.5 |
||
mozilla firefox esr 10.0.1 |
||
mozilla firefox esr 10.0.2 |
||
mozilla firefox esr 10.0.3 |
||
mozilla firefox esr 10.0.4 |
||
mozilla thunderbird 7.0 |
||
mozilla thunderbird 8.0 |
||
mozilla thunderbird 10.0.4 |
||
mozilla thunderbird 11.0 |
||
mozilla thunderbird 5.0 |
||
mozilla thunderbird 9.0.1 |
||
mozilla thunderbird 9.0 |
||
mozilla thunderbird 12.0 |
||
mozilla thunderbird 13.0 |
||
mozilla thunderbird 6.0 |
||
mozilla thunderbird 6.0.1 |
||
mozilla thunderbird 10.0.2 |
||
mozilla thunderbird 10.0.3 |
||
mozilla thunderbird 6.0.2 |
||
mozilla thunderbird 7.0.1 |
||
mozilla thunderbird 10.0.1 |
||
mozilla thunderbird 10.0 |
||
mozilla thunderbird esr 10.0.1 |
||
mozilla thunderbird esr 10.0.2 |
||
mozilla thunderbird esr 10.0.5 |
||
mozilla thunderbird esr 10.0.3 |
||
mozilla thunderbird esr 10.0.4 |
||
mozilla thunderbird esr 10.0 |
||
mozilla seamonkey 2.1 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 1.1.19 |
||
mozilla seamonkey 1.1.18 |
||
mozilla seamonkey 1.1.15 |
||
mozilla seamonkey 1.1.11 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.12 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.17 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.9 |
||
mozilla seamonkey 1.1.12 |
||
mozilla seamonkey 1.5.0.8 |
||
mozilla seamonkey 1.5.0.9 |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.7 |
||
mozilla seamonkey 2.0.13 |
||
mozilla seamonkey 2.0.10 |
||
mozilla seamonkey 1.1.7 |
||
mozilla seamonkey 1.1.16 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.13 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.5.0.10 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 2.0.11 |
||
mozilla seamonkey 2.0.9 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.14 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey 1.0.6 |
Vulmon