PT-2012-5228 · Mozilla+3 · Firefox+7

Moz_Bug_R_A4

·

Publicado

2012-10-09

·

Atualizado

2024-10-21

·

CVE-2012-4184

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 16.0 Firefox ESR versions prior to 10.0.8 Thunderbird versions prior to 16.0 Thunderbird ESR versions prior to 10.0.8 SeaMonkey versions prior to 2.13
Description The issue allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, due to the Chrome Object Wrapper (COW) implementation not preventing access to properties of a prototype for a standard class.
Recommendations For Mozilla Firefox versions prior to 16.0, update to version 16.0 or later. For Firefox ESR versions prior to 10.0.8, update to version 10.0.8 or later. For Thunderbird versions prior to 16.0, update to version 16.0 or later. For Thunderbird ESR versions prior to 10.0.8, update to version 10.0.8 or later. For SeaMonkey versions prior to 2.13, update to version 2.13 or later.

Exploit

Correção

RCE

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CESA-2012_1350
CESA-2012_1351
CVE-2012-4184
OPENSUSE-SU-2012_1345-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
RHSA-2012:1350
RHSA-2012:1351
RHSA-2012_1350
RHSA-2012_1351

Produtos afetados

Centos
Firefox Esr
Firefox
Red Hat
Seamonkey
Suse
Thunderbird
Thunderbird Esr