[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4205Date: (C)2012-11-21   (M)2024-03-27


Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-51369
SECUNIA-51370
SECUNIA-51381
SECUNIA-51434
SECUNIA-51439
SECUNIA-51440
BID-56621
IAVM:2012-A-0190
SUSE-SU-2012:1592
USN-1636-1
USN-1638-1
USN-1638-2
USN-1638-3
firefox-xmlhttprequest-sec-bypass(80175)
http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
https://bugzilla.mozilla.org/show_bug.cgi?id=779821
openSUSE-SU-2012:1583
openSUSE-SU-2012:1585
openSUSE-SU-2012:1586
openSUSE-SU-2013:0175
oval:org.mitre.oval:def:16965

CPE    369
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:thunderbird:11.0
cpe:/a:mozilla:firefox:7.0.1
cpe:/a:mozilla:seamonkey:2.8:beta6
...
OVAL    8
oval:org.secpod.oval:def:701075
oval:org.secpod.oval:def:701078
oval:org.secpod.oval:def:701076
oval:org.secpod.oval:def:400476
...

© SecPod Technologies