CVE-2012-4195

 

Published at: - 29-10-2012 07:55

Last modified: - 24-09-2022 03:03

Total changes: - 2

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:P/A:N

 

Verification logic

 

Reference

• http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=793121
• RHSA-2012:1407-Third Party Advisory
• openSUSE-SU-2012:1412-Mailing List, Third Party Advisory
• RHSA-2012:1413-Third Party Advisory
• USN-1620-1-Third Party Advisory
• USN-1620-2-Third Party Advisory
• SUSE-SU-2012:1426-Mailing List, Third Party Advisory
• 56302-Third Party Advisory, VDB Entry
• 51165-Third Party Advisory
• 51146-Third Party Advisory
• 51121-Third Party Advisory
• 51123-Third Party Advisory
• 51147-Third Party Advisory
• 51144-Third Party Advisory
• 51127-Third Party Advisory
• 55318-Third Party Advisory
• oval:org.mitre.oval:def:16856-Third Party Advisory

 

Keywords

NVD

 

CVE-2012-4195

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures