Lucene search
Mozilla FoundationMFSA2012-89HistoryOct 11, 2012 - 12:00 a.m.
defaultValue security checks not applied — Mozilla
2012-10-1100:00:00
Mozilla Foundation
www.mozilla.org
21
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.084 Low
EPSS
Percentile
94.4%
Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution.
Affected configurations
Node
mozillafirefoxRange<16.0.1
ORmozillafirefox_esrRange<10.0.9
ORmozillaseamonkeyRange<2.13.1
ORmozillathunderbirdRange<16.0.1
ORmozillathunderbird_esrRange<10.0.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 16.0.1 | |
| firefox esr | lt | 10.0.9 | |
| seamonkey | lt | 2.13.1 | |
| thunderbird | lt | 16.0.1 | |
| thunderbird esr | lt | 10.0.9 |
Related
openvas
openvas
Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Windows)
2012-10-15 00:00:00
Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Mac OS X)
2012-10-15 00:00:00
Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Mac OS X)
2013-07-12 00:00:00
nvd
nvd
CVE-2012-4192
2012-10-12 10:44:20
CVE-2012-4193
2012-10-12 10:44:20
nessus
nessus
Firefox 10.x < 10.0.9 Multiple Vulnerabilities
2012-10-17 00:00:00
Firefox < 10.0.9 Multiple Vulnerabilities (Mac OS X)
2012-10-17 00:00:00
Mozilla Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities
2012-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-4192
2012-10-10 00:00:00
CVE-2012-4193
2012-10-11 00:00:00
cvelist
cvelist
CVE-2012-4192
2012-10-12 10:00:00
CVE-2012-4193
2012-10-12 10:00:00
cve
cve
CVE-2012-4192
2012-10-12 10:44:20
CVE-2012-4193
2012-10-12 10:44:20
prion
prion
Design/Logic Flaw
2012-10-12 10:44:00
Design/Logic Flaw
2012-10-12 10:44:00
redhat
redhat
(RHSA-2012:1362) Critical: thunderbird security update
2012-10-12 00:00:00
(RHSA-2012:1361) Critical: xulrunner security update
2012-10-12 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-10-12 00:00:00
xulrunner security update
2012-10-12 00:00:00
veracode
veracode
Same Origin Policy Bypass
2019-01-15 08:58:46
centos
centos
xulrunner security update
2012-10-12 21:47:30
thunderbird security update
2012-10-13 02:05:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Cross Domain Information Disclosure (CVE-2012-4192)
2012-12-16 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2012-10-11 00:00:00
Thunderbird vulnerabilities
2012-10-12 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.084 Low
EPSS
Percentile
94.4%
Related for MFSA2012-89