[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4196Date: (C)2012-10-29   (M)2024-03-27


Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-51121
SECUNIA-51123
SECUNIA-51127
SECUNIA-51144
SECUNIA-51146
SECUNIA-51147
SECUNIA-51165
SECUNIA-55318
BID-56306
RHSA-2012:1407
RHSA-2012:1413
SUSE-SU-2012:1426
USN-1620-1
USN-1620-2
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
https://bugzilla.mozilla.org/show_bug.cgi?id=802557
openSUSE-SU-2012:1412
oval:org.mitre.oval:def:16962

CPE    455
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:seamonkey:2.8:beta6
cpe:/a:mozilla:firefox:3.6.20
cpe:/a:mozilla:firefox:3.6.21
...
CWE    1
CWE-264
OVAL    16
oval:org.secpod.oval:def:400385
oval:org.secpod.oval:def:701056
oval:org.secpod.oval:def:701059
oval:org.secpod.oval:def:1300139
...

© SecPod Technologies