Lucene search

MitreCVE-2012-4194

HistoryOct 29, 2012 - 6:55 p.m.

CVE-2012-4194

2012-10-2918:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2012-4194

cross-site scripting

xss

mozilla firefox

thunderbird

seamonkey

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.2

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

Affected configurations

Nvd

Node

mozillafirefoxRange<16.0.2

mozillafirefox_esrRange10.0–10.0.10

mozillaseamonkeyRange<2.13.2

mozillathunderbirdRange<16.0.2

mozillathunderbird_esrRange10.0–10.0.10

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_serverMatch11sp2vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp2

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird_esr*cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird_esr	*	cpe:2.3:a:mozilla:thunderbird_esr::::::::
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::