CVE-2012-4195

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 16.0.2 Firefox ESR versions prior to 10.0.10 Thunderbird versions prior to 16.0.2 Thunderbird ESR versions prior to 10.0.10 SeaMonkey versions prior to 2.13.2

Description The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. It also allows remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. The nsLocation::CheckURL function does not properly determine the calling document and principal in its return value.

Recommendations For Mozilla Firefox versions prior to 16.0.2, update to version 16.0.2 or later. For Firefox ESR versions prior to 10.0.10, update to version 10.0.10 or later. For Thunderbird versions prior to 16.0.2, update to version 16.0.2 or later. For Thunderbird ESR versions prior to 10.0.10, update to version 10.0.10 or later. For SeaMonkey versions prior to 2.13.2, update to version 2.13.2 or later.