Lucene search

K

[email protected]NVD:CVE-2012-4195

HistoryOct 29, 2012 - 6:55 p.m.

CVE-2012-4195

2012-10-2918:55:01

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Affected configurations

NVD

Node

mozillafirefoxRange<16.0.2

OR

mozillafirefox_esrRange<10.0.10

OR

mozillaseamonkeyRange<2.13.2

OR

mozillathunderbirdRange<16.0.2

OR

mozillathunderbird_esrRange<10.0.10

Node

opensuseopensuseMatch11.4

OR

opensuseopensuseMatch12.1

OR

opensuseopensuseMatch12.2

OR

suselinux_enterprise_desktopMatch10sp4

OR

suselinux_enterprise_desktopMatch11sp2

OR

suselinux_enterprise_serverMatch10sp4

OR

suselinux_enterprise_serverMatch11sp2-

OR

suselinux_enterprise_serverMatch11sp2vmware

OR

suselinux_enterprise_software_development_kitMatch10sp4

OR

suselinux_enterprise_software_development_kitMatch11sp2

Node

canonicalubuntu_linuxMatch10.04-

OR

canonicalubuntu_linuxMatch11.04

OR

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch12.10

Node

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_eusMatch6.3

OR

redhatenterprise_linux_serverMatch5.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_workstationMatch5.0

OR

redhatenterprise_linux_workstationMatch6.0

References

lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html

lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html

rhn.redhat.com/errata/RHSA-2012-1407.html

rhn.redhat.com/errata/RHSA-2012-1413.html

secunia.com/advisories/51121

secunia.com/advisories/51123

secunia.com/advisories/51127

secunia.com/advisories/51144

secunia.com/advisories/51146

secunia.com/advisories/51147

secunia.com/advisories/51165

secunia.com/advisories/55318

www.mozilla.org/security/announce/2012/mfsa2012-90.html

www.securityfocus.com/bid/56302

www.ubuntu.com/usn/USN-1620-1

www.ubuntu.com/usn/USN-1620-2

bugzilla.mozilla.org/show_bug.cgi?id=793121

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

Related for NVD:CVE-2012-4195

prion1 ubuntucve1 cve1 cvelist1 oraclelinux2 nessus27 openvas46 veracode2 mozilla1 redhat2 centos2 suse3 ubuntu2 freebsd1 ibm2 gentoo1