Mozilla Firefox prior to 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote malicious users to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
mozilla thunderbird |