Lucene search
Mozilla FoundationMFSA2012-89HistoryOct 11, 2012 - 12:00 a.m.
defaultValue security checks not applied — Mozilla
2012-10-1100:00:00
Mozilla Foundation
www.mozilla.org
20
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.084 Low
EPSS
Percentile
94.4%
Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 16.0.1 | |
| firefox esr | lt | 10.0.9 | |
| seamonkey | lt | 2.13.1 | |
| thunderbird | lt | 16.0.1 | |
| thunderbird esr | lt | 10.0.9 |
Related
nessus
nessus
Mozilla Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities
2012-10-17 00:00:00
Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities (Mac OS X)
2012-10-17 00:00:00
Firefox 10.x < 10.0.9 Multiple Vulnerabilities
2012-10-17 00:00:00
openvas
openvas
Mozilla Seamonkey Security Bypass Vulnerabilities (Oct 2012) - Windows
2013-07-12 00:00:00
Mozilla Thunderbird Security Bypass Vulnerabilities (Oct 2012) - Mac OS X
2013-07-12 00:00:00
Mozilla Thunderbird Security Bypass Vulnerabilities - Oct 12 (Mac OS X)
2013-07-12 00:00:00
ubuntucve
ubuntucve
CVE-2012-4192
2012-10-10 00:00:00
CVE-2012-4193
2012-10-11 00:00:00
cve
cve
CVE-2012-4192
2012-10-12 10:44:00
CVE-2012-4193
2012-10-12 10:44:00
prion
prion
Design/Logic Flaw
2012-10-12 10:44:00
Design/Logic Flaw
2012-10-12 10:44:00
redhat
redhat
(RHSA-2012:1361) Critical: xulrunner security update
2012-10-12 00:00:00
(RHSA-2012:1362) Critical: thunderbird security update
2012-10-12 00:00:00
oraclelinux
oraclelinux
xulrunner security update
2012-10-12 00:00:00
thunderbird security update
2012-10-12 00:00:00
centos
centos
thunderbird security update
2012-10-13 02:05:00
xulrunner security update
2012-10-12 21:47:30
veracode
veracode
Same Origin Policy Bypass
2019-01-15 08:58:46
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Cross Domain Information Disclosure (CVE-2012-4192)
2012-12-16 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2012-10-11 00:00:00
Thunderbird vulnerabilities
2012-10-12 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.084 Low
EPSS
Percentile
94.4%
Related for MFSA2012-89