Lucene search

MitreCVE-2012-3985

HistoryOct 10, 2012 - 5:55 p.m.

CVE-2012-3985

2012-10-1017:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2012-3985

cross-site scripting

xss

mozilla firefox

thunderbird

seamonkey

html5 same origin policy

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.3

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

Affected configurations

Nvd

Node

mozillafirefoxRange<16.0

mozillaseamonkeyRange<2.13

mozillathunderbirdRange<16.0

Node

canonicalubuntu_linuxMatch10.04

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

Node

suselinux_enterprise_desktopMatch10sp4-

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch10sp4-

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_serverMatch11sp2vmware

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
canonicalubuntu_linux11.04cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*
canonical	ubuntu_linux	11.04	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*