CVE-2012-4193
12.10.2012, 10:44
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 16.0.1 |
| mozilla | firefox | 10.0 ≤ 𝑥 < 10.0.9 |
| mozilla | seamonkey | 𝑥 < 2.13.1 |
| mozilla | thunderbird | 𝑥 < 16.0.1 |
| mozilla | thunderbird_esr | 10.0 ≤ 𝑥 < 10.0.9 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 11.04 |
| canonical | ubuntu_linux | 11.10 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 6.3 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 6.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| seamonkey |
| ||||||||||||||||
| thunderbird |
| ||||||||||||||||
| xulrunner-1.9.2 |
| ||||||||||||||||
| xulrunner-2.0 |
|
Common Weakness Enumeration
References