Lucene search

K

PRIOn knowledge basePRION:CVE-2012-4205

HistoryNov 21, 2012 - 12:55 p.m.

Cross site request forgery (csrf)

2012-11-2112:55:00

PRIOn knowledge base

www.prio-n.com

8

6.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.

CPENameOperatorVersion
ubuntu_linuxeq11.10
ubuntu_linuxeq12.10
ubuntu_linuxeq12.04
ubuntu_linuxeq10.04
firefoxlt17.0
seamonkeylt2.14
thunderbirdlt17.0
opensuseeq11.4
opensuseeq12.2
opensuseeq12.1

Rows per page:

1-10 of 171

References

lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

secunia.com/advisories/51369

secunia.com/advisories/51370

secunia.com/advisories/51381

secunia.com/advisories/51434

secunia.com/advisories/51439

secunia.com/advisories/51440

www.mozilla.org/security/announce/2012/mfsa2012-97.html

www.securityfocus.com/bid/56621

www.ubuntu.com/usn/USN-1636-1

www.ubuntu.com/usn/USN-1638-1

www.ubuntu.com/usn/USN-1638-2

www.ubuntu.com/usn/USN-1638-3

bugzilla.mozilla.org/show_bug.cgi?id=779821

exchange.xforce.ibmcloud.com/vulnerabilities/80175

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16965

6.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

Related for PRION:CVE-2012-4205

ubuntucve1 mozilla1 cve1 openvas22 cvelist1 nessus23 ubuntu4 suse3 securityvulns1 freebsd1 gentoo1