Code injection

2012-10-1017:55:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

87.7%

JSON

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.

CPENameOperatorVersion
ubuntu_linuxeq11.04
ubuntu_linuxeq11.10
ubuntu_linuxeq12.04
ubuntu_linuxeq10.04
firefoxlt16.0
seamonkeylt2.13
thunderbirdlt16.0
linux_enterprise_desktopeq11 sp2
linux_enterprise_desktopeq10 sp4
linux_enterprise_servereq11 sp2

Name	Operator	Version
ubuntu_linux	eq	11.04
ubuntu_linux	eq	11.10
ubuntu_linux	eq	12.04
ubuntu_linux	eq	10.04
firefox	lt	16.0
seamonkey	lt	2.13
thunderbird	lt	16.0
linux_enterprise_desktop	eq	11 sp2
linux_enterprise_desktop	eq	10 sp4
linux_enterprise_server	eq	11 sp2