PT-2012-5237 · Mozilla+3 · Firefox+7

Moz_Bug_R_A4

Publicado

2012-10-11

Atualizado

2024-10-21

CVE-2012-4193

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 16.0.1 Firefox ESR versions prior to 10.0.9 Thunderbird versions prior to 16.0.1 Thunderbird ESR versions prior to 10.0.9 SeaMonkey versions prior to 2.13.1

Description The issue allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. This is due to a missing security check in the defaultValue function during the unwrapping of security wrappers.

Recommendations For Mozilla Firefox versions prior to 16.0.1, update to version 16.0.1 or later. For Firefox ESR versions prior to 10.0.9, update to version 10.0.9 or later. For Thunderbird versions prior to 16.0.1, update to version 16.0.1 or later. For Thunderbird ESR versions prior to 10.0.9, update to version 10.0.9 or later. For SeaMonkey versions prior to 2.13.1, update to version 2.13.1 or later.

Exploit

Correção

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346

Identificadores relacionados

CESA-2012_1361

CESA-2012_1362

CVE-2012-4193

OPENSUSE-SU-2012_1345-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

RHSA-2012:1361

RHSA-2012:1362

RHSA-2012_1361

RHSA-2012_1362

Produtos afetados

Centos

Firefox Esr

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

Thunderbird Esr

PT-2012-5237 · Mozilla+3 · Firefox+7

CVE-2012-4193

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1950