CVE-2012-4195
Date: (C)2012-10-29   (M)2024-03-27


The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-51121
SECUNIA-51123
SECUNIA-51127
SECUNIA-51144
SECUNIA-51146
SECUNIA-51147
SECUNIA-51165
SECUNIA-55318
BID-56302
RHSA-2012:1407
RHSA-2012:1413
SUSE-SU-2012:1426
USN-1620-1
USN-1620-2
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
https://bugzilla.mozilla.org/show_bug.cgi?id=793121
openSUSE-SU-2012:1412
oval:org.mitre.oval:def:16856

CPE    455
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:seamonkey:2.8:beta6
cpe:/a:mozilla:firefox:3.6.20
cpe:/a:mozilla:firefox:3.6.21
...
CWE    1
CWE-264
OVAL    16
oval:org.secpod.oval:def:400385
oval:org.secpod.oval:def:701056
oval:org.secpod.oval:def:701059
oval:org.secpod.oval:def:1300139
...

© SecPod Technologies