CVE-2012-4196

medium

Description

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html

http://rhn.redhat.com/errata/RHSA-2012-1407.html

http://rhn.redhat.com/errata/RHSA-2012-1413.html

http://secunia.com/advisories/51121

http://secunia.com/advisories/51123

http://secunia.com/advisories/51127

http://secunia.com/advisories/51144

http://secunia.com/advisories/51146

http://secunia.com/advisories/51147

http://secunia.com/advisories/51165

http://secunia.com/advisories/55318

http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

http://www.securityfocus.com/bid/56306

http://www.ubuntu.com/usn/USN-1620-1

http://www.ubuntu.com/usn/USN-1620-2

https://bugzilla.mozilla.org/show_bug.cgi?id=802557

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962

Details

Source: MITRE

Published: 2012-10-29

Updated: 2020-08-12

Type: CWE-74

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74792 | openSUSE Security Update : Mozilla Suite (openSUSE-SU-2012:1412-1) | Nessus | SuSE Local Security Checks | medium |
| 68648 | Oracle Linux 6 : thunderbird (ELSA-2012-1413) | Nessus | Oracle Linux Local Security Checks | medium |
| 68647 | Oracle Linux 5 / 6 : firefox (ELSA-2012-1407) | Nessus | Oracle Linux Local Security Checks | medium |
| 64134 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7004) | Nessus | SuSE Local Security Checks | medium |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 801362 | Mozilla Thunderbird 16.x < 16.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | medium |
| 6614 | Mozilla Thunderbird 16.x < 16.0.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium |
| 62780 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8348) | Nessus | SuSE Local Security Checks | medium |
| 801317 | Mozilla SeaMonkey 2.13.x < 2.13.2 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6613 | SeaMonkey < 2.13.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | low |
| 62774 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121029) | Nessus | Scientific Linux Local Security Checks | medium |
| 62763 | CentOS 5 / 6 : thunderbird (CESA-2012:1413) | Nessus | CentOS Local Security Checks | medium |
| 62756 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1620-2) | Nessus | Ubuntu Local Security Checks | medium |
| 62755 | RHEL 5 / 6 : thunderbird (RHSA-2012:1413) | Nessus | Red Hat Local Security Checks | medium |
| 62747 | SeaMonkey < 2.13.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62746 | Mozilla Thunderbird < 16.0.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62745 | Mozilla Thunderbird 10.x < 10.0.10 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62744 | Firefox < 16.0.2 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62743 | Firefox 10.x < 10.0.10 Multiple Vulnerabilities | Nessus | Windows | medium |
| 62742 | Thunderbird < 16.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62741 | Thunderbird 10.x < 10.0.10 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62740 | Firefox < 16.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62739 | Firefox < 10.0.10 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
| 62733 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1620-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62732 | RHEL 5 / 6 : firefox (RHSA-2012:1407) | Nessus | Red Hat Local Security Checks | medium |
| 62731 | FreeBSD : mozilla -- multiple vulnerabilities (6b3b1b97-207c-11e2-a03f-c8600054b392) | Nessus | FreeBSD Local Security Checks | medium |
| 62720 | CentOS 5 / 6 : firefox (CESA-2012:1407) | Nessus | CentOS Local Security Checks | medium |