CVE-2012-0958 - Vulnerability Details - OpenCVE

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ps Project Management Team	Unity-firefox-extension

Configuration 1 [-]

cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.4.1:-:*:*:*:firefox:*:*

No data.

References

Link	Providers
http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331
http://osvdb.org/88438
http://www.securityfocus.com/bid/56930
http://www.ubuntu.com/usn/USN-1665-1
https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2012-12-26T22:00:00Z

Updated: 2024-09-16T22:36:46.736Z

Reserved: 2012-02-01T00:00:00Z

Link: CVE-2012-0958

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-12-26T22:55:02.800

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-0958

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-26T22:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "USN-1665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1665-1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817"}, {"name": "56930", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56930"}, {"name": "88438", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/88438"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0958", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1665-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1665-1"}, {"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817"}, {"name": "56930", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56930"}, {"name": "88438", "refsource": "OSVDB", "url": "http://osvdb.org/88438"}, {"name": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331", "refsource": "CONFIRM", "url": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:26.353Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1665-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817"}, {"name": "56930", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56930"}, {"name": "88438", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/88438"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2012-0958", "datePublished": "2012-12-26T22:00:00Z", "dateReserved": "2012-02-01T00:00:00Z", "dateUpdated": "2024-09-16T22:36:46.736Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ps_project_management_team:unity-firefox-extension:2.4.1:-:*:*:*:firefox:*:*", "matchCriteriaId": "385A6B64-7612-48AB-8579-D28636DBB03E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage."}, {"lang": "es", "value": "content/unity-api.js en la extensi\u00f3n unity-firefox-extensi\u00f3n para Firefox v2.4.1 expone la funci\u00f3n toDataURL en una llamada a la API, lo que permite a atacantes remotos evitar la pol\u00edtica del mismo origen y obtener informaci\u00f3n sensible a trav\u00e9s de una p\u00e1gina web modificada para tal fin.\r\n"}], "id": "CVE-2012-0958", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-12-26T22:55:02.800", "references": [{"source": "security@ubuntu.com", "url": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331"}, {"source": "security@ubuntu.com", "url": "http://osvdb.org/88438"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/56930"}, {"source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1665-1"}, {"source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bazaar.launchpad.net/~webapps/unity-firefox-extension/trunk/revision/331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1665-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/unity-firefox-extension/%2Bbug/1069817"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}