Lucene search

Mozilla FoundationMFSA2012-93

HistoryNov 20, 2012 - 12:00 a.m.

evalInSanbox location context incorrectly applied — Mozilla

2012-11-2000:00:00

Mozilla Foundation

www.mozilla.org

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

JSON

Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox’s Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.

Affected configurations

Vulners

Node

mozillafirefoxRange<17

mozillafirefox_esrRange<10.0.11

mozillaseamonkeyRange<2.14

mozillathunderbirdRange<17

mozillathunderbird_esrRange<10.0.11

CPENameOperatorVersion
firefoxlt17
firefox esrlt10.0.11
seamonkeylt2.14
thunderbirdlt17
thunderbird esrlt10.0.11

Name	Operator	Version
firefox	lt	17
firefox esr	lt	10.0.11
seamonkey	lt	2.14
thunderbird	lt	17
thunderbird esr	lt	10.0.11

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201

bugzilla.mozilla.org/show_bug.cgi?id=747607

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for MFSA2012-93