Lucene search
Mozilla FoundationMFSA2012-97HistoryNov 20, 2012 - 12:00 a.m.
XMLHttpRequest inherits incorrect principal within sandbox — Mozilla
2012-11-2000:00:00
Mozilla Foundation
www.mozilla.org
27
0.004 Low
EPSS
Percentile
72.8%
Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.
Related
prion
prion
Cross site request forgery (csrf)
2012-11-21 12:55:00
ubuntucve
ubuntucve
CVE-2012-4205
2012-11-21 00:00:00
cve
cve
CVE-2012-4205
2012-11-21 12:55:00
cvelist
cvelist
CVE-2012-4205
2012-11-21 11:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-97) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-1638-2)
2012-11-23 00:00:00
Ubuntu: Security Advisory (USN-1638-3)
2012-12-04 00:00:00
nessus
nessus
Mozilla Thunderbird < 17.0 Multiple Vulnerabilities
2012-11-21 00:00:00
SeaMonkey < 2.14 Multiple Vulnerabilities
2012-11-21 00:00:00
Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)
2012-11-21 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-11-21 00:00:00
ubufox update
2012-11-21 00:00:00
Firefox vulnerabilities
2012-11-21 00:00:00
suse
suse
security update to Firefox 17.0 and other Mozilla based packages (important)
2013-01-23 14:07:31
Security update for Mozilla Firefox (important)
2012-11-29 01:08:52
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-12-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-11-20 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00