Lucene search

MitreCVE-2012-4195

HistoryOct 29, 2012 - 6:55 p.m.

CVE-2012-4195

2012-10-2918:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2012-4195

mozilla firefox

thunderbird

seamonkey

xss

javascript

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Affected configurations

Nvd

Node

mozillafirefoxRange<16.0.2

mozillafirefox_esrRange<10.0.10

mozillaseamonkeyRange<2.13.2

mozillathunderbirdRange<16.0.2

mozillathunderbird_esrRange<10.0.10

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_serverMatch11sp2vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp2

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird_esr*cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird_esr	*	cpe:2.3:a:mozilla:thunderbird_esr::::::::
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::