CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.

Published: Jul 18, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1961
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mozilla / firefox	4.0-beta6	4.0-beta6.x
mozilla / firefox	4.0-beta1	4.0-beta1.x
mozilla / firefox	8.0	8.0.x
mozilla / firefox	4.0-beta9	4.0-beta9.x
mozilla / firefox	4.0-beta5	4.0-beta5.x
mozilla / firefox	4.0-beta8	4.0-beta8.x
mozilla / firefox	4.0-beta12	4.0-beta12.x
mozilla / firefox	4.0-beta3	4.0-beta3.x
mozilla / firefox	5.0.1	5.0.1.x
mozilla / firefox	5.0	5.0.x
mozilla / firefox	7.0	7.0.x
mozilla / firefox	6.0.2	6.0.2.x
mozilla / firefox	4.0-beta2	4.0-beta2.x
mozilla / firefox	4.0-beta4	4.0-beta4.x
mozilla / firefox	13.0	13.0.x
mozilla / firefox	4.0-beta10	4.0-beta10.x
mozilla / firefox	12.0-beta6	12.0-beta6.x
mozilla / firefox	6.0.1	6.0.1.x
mozilla / firefox	4.0	4.0.x
mozilla / firefox	11.0	11.0.x
mozilla / firefox	6.0	6.0.x
mozilla / firefox	7.0.1	7.0.1.x
mozilla / firefox	4.0-beta11	4.0-beta11.x
mozilla / firefox	12.0	12.0.x
mozilla / firefox	8.0.1	8.0.1.x
mozilla / firefox	9.0.1	9.0.1.x
mozilla / firefox	4.0-beta7	4.0-beta7.x
mozilla / firefox	9.0	9.0.x
mozilla / firefox	4.0.1	4.0.1.x
mozilla / firefox_esr	10.0	10.0.x
mozilla / firefox_esr	10.0.5	10.0.5.x
mozilla / firefox_esr	10.0.2	10.0.2.x
mozilla / firefox_esr	10.0.1	10.0.1.x
mozilla / firefox_esr	10.0.3	10.0.3.x
mozilla / firefox_esr	10.0.4	10.0.4.x
mozilla / thunderbird	10.0	10.0.x
mozilla / thunderbird	10.0.1	10.0.1.x
mozilla / thunderbird	7.0	7.0.x
mozilla / thunderbird	10.0.2	10.0.2.x
mozilla / thunderbird	13.0	13.0.x
mozilla / thunderbird	6.0.1	6.0.1.x
mozilla / thunderbird	5.0	5.0.x
mozilla / thunderbird	6.0.2	6.0.2.x
mozilla / thunderbird	8.0	8.0.x
mozilla / thunderbird	7.0.1	7.0.1.x
mozilla / thunderbird	11.0	11.0.x
mozilla / thunderbird	10.0.3	10.0.3.x
mozilla / thunderbird	12.0	12.0.x
mozilla / thunderbird	10.0.4	10.0.4.x
mozilla / thunderbird	9.0.1	9.0.1.x
mozilla / thunderbird	9.0	9.0.x
mozilla / thunderbird	6.0	6.0.x
mozilla / thunderbird_esr	10.0.3	10.0.3.x
mozilla / thunderbird_esr	10.0	10.0.x
mozilla / thunderbird_esr	10.0.4	10.0.4.x
mozilla / thunderbird_esr	10.0.2	10.0.2.x
mozilla / thunderbird_esr	10.0.5	10.0.5.x
mozilla / thunderbird_esr	10.0.1	10.0.1.x
mozilla / seamonkey	2.0.10	2.0.10.x
mozilla / seamonkey	1.1.10	1.1.10.x
mozilla / seamonkey	1.0.3	1.0.3.x
mozilla / seamonkey	2.0.13	2.0.13.x
mozilla / seamonkey	1.1.8	1.1.8.x
mozilla / seamonkey	1.0.1	1.0.1.x
mozilla / seamonkey	1.1.7	1.1.7.x
mozilla / seamonkey	1.5.0.10	1.5.0.10.x
mozilla / seamonkey	1.0.6	1.0.6.x
mozilla / seamonkey	1.0.9	1.0.9.x
mozilla / seamonkey	1.1.3	1.1.3.x
mozilla / seamonkey	2.0.4	2.0.4.x
mozilla / seamonkey	1.0	1.0.x
mozilla / seamonkey	2.1-alpha2	2.1-alpha2.x
mozilla / seamonkey	2.0.3	2.0.3.x
mozilla / seamonkey	2.0.2	2.0.2.x
mozilla / seamonkey	1.1.17	1.1.17.x
mozilla / seamonkey	2.0-alpha_2	2.0-alpha_2.x
mozilla / seamonkey	1.1.5	1.1.5.x
mozilla / seamonkey	2.0.8	2.0.8.x
mozilla / seamonkey	1.0.7	1.0.7.x
mozilla / seamonkey	1.0-beta	1.0-beta.x
mozilla / seamonkey	1.1-alpha	1.1-alpha.x
mozilla / seamonkey	2.0-rc2	2.0-rc2.x
mozilla / seamonkey	2.0-alpha_3	2.0-alpha_3.x
mozilla / seamonkey	1.0-alpha	1.0-alpha.x
mozilla / seamonkey	1.1.12	1.1.12.x
mozilla / seamonkey	2.0.12	2.0.12.x
mozilla / seamonkey	1.1	1.1.x
mozilla / seamonkey	1.1.14	1.1.14.x
mozilla / seamonkey	2.0.11	2.0.11.x
mozilla / seamonkey	1.1.2	1.1.2.x
mozilla / seamonkey	2.0-beta_2	2.0-beta_2.x
mozilla / seamonkey	1.0.2	1.0.2.x
mozilla / seamonkey	-	2.10.x
mozilla / seamonkey	2.1-rc1	2.1-rc1.x
mozilla / seamonkey	1.0.8	1.0.8.x
mozilla / seamonkey	2.1	2.1.x
mozilla / seamonkey	1.1.11	1.1.11.x
mozilla / seamonkey	2.0-alpha_1	2.0-alpha_1.x
mozilla / seamonkey	1.5.0.9	1.5.0.9.x
mozilla / seamonkey	1.1-beta	1.1-beta.x
mozilla / seamonkey	1.1.1	1.1.1.x
mozilla / seamonkey	2.0.9	2.0.9.x
mozilla / seamonkey	2.1-alpha1	2.1-alpha1.x
mozilla / seamonkey	1.5.0.8	1.5.0.8.x
mozilla / seamonkey	2.1-beta2	2.1-beta2.x
mozilla / seamonkey	2.0.1	2.0.1.x
mozilla / seamonkey	1.0.5	1.0.5.x
mozilla / seamonkey	1.1.15	1.1.15.x
mozilla / seamonkey	2.0.14	2.0.14.x
mozilla / seamonkey	1.1.6	1.1.6.x
mozilla / seamonkey	2.0.7	2.0.7.x
mozilla / seamonkey	1.1.16	1.1.16.x
mozilla / seamonkey	2.0-beta_1	2.0-beta_1.x
mozilla / seamonkey	2.1-rc2	2.1-rc2.x
mozilla / seamonkey	1.1.19	1.1.19.x
mozilla / seamonkey	2.1-beta1	2.1-beta1.x
mozilla / seamonkey	2.0.5	2.0.5.x
mozilla / seamonkey	2.1-beta3	2.1-beta3.x
mozilla / seamonkey	2.0-rc1	2.0-rc1.x
mozilla / seamonkey	1.0.4	1.0.4.x
mozilla / seamonkey	1.1.9	1.1.9.x
mozilla / seamonkey	1.1.13	1.1.13.x
mozilla / seamonkey	1.1.18	1.1.18.x
mozilla / seamonkey	2.0.6	2.0.6.x
mozilla / seamonkey	2.1-alpha3	2.1-alpha3.x
mozilla / seamonkey	2.0	2.0.x
mozilla / seamonkey	1.1.4	1.1.4.x

Vulnerability Database

289,697

CVE-2012-1961