CVE-2012-4195

medium

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2012-1407.html

http://rhn.redhat.com/errata/RHSA-2012-1413.html

http://secunia.com/advisories/51121

http://secunia.com/advisories/51123

http://secunia.com/advisories/51127

http://secunia.com/advisories/51144

http://secunia.com/advisories/51146

http://secunia.com/advisories/51147

http://secunia.com/advisories/51165

http://secunia.com/advisories/55318

http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

http://www.securityfocus.com/bid/56302

http://www.ubuntu.com/usn/USN-1620-1

http://www.ubuntu.com/usn/USN-1620-2

https://bugzilla.mozilla.org/show_bug.cgi?id=793121

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856

Details

Source: MITRE

Published: 2012-10-29

Updated: 2020-08-12

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74792 | openSUSE Security Update : Mozilla Suite (openSUSE-SU-2012:1412-1) | Nessus | SuSE Local Security Checks | medium |
| 68648 | Oracle Linux 6 : thunderbird (ELSA-2012-1413) | Nessus | Oracle Linux Local Security Checks | medium |
| 68647 | Oracle Linux 5 / 6 : firefox (ELSA-2012-1407) | Nessus | Oracle Linux Local Security Checks | medium |
| 64134 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7004) | Nessus | SuSE Local Security Checks | medium |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 801362 | Mozilla Thunderbird 16.x < 16.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | medium |
| 6614 | Mozilla Thunderbird 16.x < 16.0.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium |
| 62780 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8348) | Nessus | SuSE Local Security Checks | medium |
| 801317 | Mozilla SeaMonkey 2.13.x < 2.13.2 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6613 | SeaMonkey < 2.13.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | low |
| 62774 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121029) | Nessus | Scientific Linux Local Security Checks | medium |
| 62763 | CentOS 5 / 6 : thunderbird (CESA-2012:1413) | Nessus | CentOS Local Security Checks | medium |
| 62756 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1620-2) | Nessus | Ubuntu Local Security Checks | medium |
| 62755 | RHEL 5 / 6 : thunderbird (RHSA-2012:1413) | Nessus | Red Hat Local Security Checks | medium |
| 62747 | SeaMonkey < 2.13.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62746 | Mozilla Thunderbird < 16.0.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62745 | Mozilla Thunderbird 10.x < 10.0.10 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62744 | Firefox < 16.0.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62743 | Firefox 10.x < 10.0.10 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62742 | Thunderbird < 16.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62741 | Thunderbird 10.x < 10.0.10 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62740 | Firefox < 16.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62739 | Firefox < 10.0.10 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62733 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1620-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62732 | RHEL 5 / 6 : firefox (RHSA-2012:1407) | Nessus | Red Hat Local Security Checks | medium |
| 62731 | FreeBSD : mozilla -- multiple vulnerabilities (6b3b1b97-207c-11e2-a03f-c8600054b392) | Nessus | FreeBSD Local Security Checks | medium |
| 62720 | CentOS 5 / 6 : firefox (CESA-2012:1407) | Nessus | CentOS Local Security Checks | medium |