HTML5 Frame-Navigation Policy Bypass Vulnerability

HTML5 Frame-Navigation Policy Bypass Vulnerability

CVE-2012-0445 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.

Learn more about our Web Application Penetration Testing UK.