CVE-2012-4193

2012-10-1100:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird
before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before
2.13.1 omit a security check in the defaultValue function during the
unwrapping of security wrappers, which allows remote attackers to bypass
the Same Origin Policy and read the properties of a Location object, or
execute arbitrary JavaScript code, via a crafted web site.

Notes

Author	Note
jdstrand	xulrunner-1.9.2 unmaintained upstream (see README.mozilla for details)
micahg	this CVE is for the pre-16 fix

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchthunderbird< 16.0.1+build1-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchthunderbird< 16.0.1+build1-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchthunderbird< 16.0.1+build1-0ubuntu0.11.10.1UNKNOWN
ubuntu12.04noarchthunderbird< 16.0.1+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchthunderbird< 16.0.1+build1-0ubuntu1UNKNOWN
ubuntu13.04noarchthunderbird< 16.0.1+build1-0ubuntu1UNKNOWN
ubuntu13.10noarchthunderbird< 16.0.1+build1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	thunderbird	< 16.0.1+build1-0ubuntu0.10.04.1	UNKNOWN
ubuntu	11.04	noarch	thunderbird	< 16.0.1+build1-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	thunderbird	< 16.0.1+build1-0ubuntu0.11.10.1	UNKNOWN
ubuntu	12.04	noarch	thunderbird	< 16.0.1+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	thunderbird	< 16.0.1+build1-0ubuntu1	UNKNOWN
ubuntu	13.04	noarch	thunderbird	< 16.0.1+build1-0ubuntu1	UNKNOWN
ubuntu	13.10	noarch	thunderbird	< 16.0.1+build1-0ubuntu1	UNKNOWN