CVE-2012-4193

medium
Description

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1361.html

http://rhn.redhat.com/errata/RHSA-2012-1362.html

http://secunia.com/advisories/50904

http://secunia.com/advisories/50906

http://secunia.com/advisories/50907

http://secunia.com/advisories/50964

http://secunia.com/advisories/50984

http://secunia.com/advisories/55318

http://www.mozilla.org/security/announce/2012/mfsa2012-89.html

http://www.ubuntu.com/usn/USN-1611-1

https://bugzilla.mozilla.org/show_bug.cgi?id=720619

https://exchange.xforce.ibmcloud.com/vulnerabilities/79211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16786

Details

Source: MITRE

Published: 2012-10-12

Updated: 2020-08-14

Type: CWE-346

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83562 | SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1) | Nessus | SuSE Local Security Checks | critical |
| 74779 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1) | Nessus | SuSE Local Security Checks | critical |
| 68639 | Oracle Linux 6 : thunderbird (ELSA-2012-1362) | Nessus | Oracle Linux Local Security Checks | medium |
| 68638 | Oracle Linux 5 / 6 : xulrunner (ELSA-2012-1361) | Nessus | Oracle Linux Local Security Checks | medium |
| 64133 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 62592 | SeaMonkey < 2.13.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62591 | Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62590 | Mozilla Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 62589 | Firefox < 16.0.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62588 | Firefox 10.x < 10.0.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 62587 | Thunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62586 | Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 62585 | Firefox < 16.0.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62584 | Firefox < 10.0.9 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 62573 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327) | Nessus | SuSE Local Security Checks | critical |
| 801325 | Mozilla Firefox 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801323 | Mozilla Thunderbird 15.x <= 15 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801301 | Mozilla SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6604 | Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6603 | SeaMonkey 2.x < 2.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 6602 | Mozilla Firefox < 16.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 62556 | Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20121012) | Nessus | Scientific Linux Local Security Checks | high |
| 62548 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1) | Nessus | Ubuntu Local Security Checks | critical |
| 62542 | RHEL 5 / 6 : thunderbird (RHSA-2012:1362) | Nessus | Red Hat Local Security Checks | medium |
| 62541 | RHEL 5 / 6 : xulrunner (RHSA-2012:1361) | Nessus | Red Hat Local Security Checks | medium |
| 62522 | CentOS 5 / 6 : thunderbird (CESA-2012:1362) | Nessus | CentOS Local Security Checks | medium |
| 62521 | CentOS 5 / 6 : xulrunner (CESA-2012:1361) | Nessus | CentOS Local Security Checks | medium |
| 62490 | FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392) | Nessus | FreeBSD Local Security Checks | critical |