CVE-2012-5883
Publication date 16 November 2012
Last updated 24 July 2024
Ubuntu priority
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
Status
Package | Ubuntu Release | Status |
---|---|---|
maas | 18.04 LTS bionic | Not affected |
maas | 16.04 LTS xenial | Not affected |
maas | 14.04 LTS trusty | Not in release |
yui | 18.04 LTS bionic | Not in release |
yui | 16.04 LTS xenial | Not affected |
yui | 14.04 LTS trusty | Not in release |
Notes
jdstrand
maas uses an embedded copy of yui 3.4.1 in 12.04 and portions of yui3 in 12.10 and higher; per upstream, yui3 not affected
References
Other references
- https://bugzilla.mozilla.org/show_bug.cgi?id=808845
- http://yuilibrary.com/support/20121030-vulnerability/
- http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/
- http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
- http://www.bugzilla.org/security/3.6.11/
- https://www.cve.org/CVERecord?id=CVE-2012-5883