[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4208Date: (C)2012-11-21   (M)2024-03-27


The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-51369
SECUNIA-51370
SECUNIA-51381
SECUNIA-51434
SECUNIA-51439
SECUNIA-51440
BID-56627
IAVM:2012-A-0190
SUSE-SU-2012:1592
USN-1636-1
USN-1638-1
USN-1638-2
USN-1638-3
http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
https://bugzilla.mozilla.org/show_bug.cgi?id=798264
openSUSE-SU-2012:1583
openSUSE-SU-2012:1585
openSUSE-SU-2012:1586
openSUSE-SU-2013:0175
oval:org.mitre.oval:def:16695

CPE    443
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:seamonkey:2.8:beta6
cpe:/a:mozilla:firefox:3.6.20
cpe:/a:mozilla:firefox:3.6.21
...
CWE    1
CWE-264
OVAL    8
oval:org.secpod.oval:def:400476
oval:org.secpod.oval:def:701075
oval:org.secpod.oval:def:701078
oval:org.secpod.oval:def:701076
...

© SecPod Technologies