1. Home
  2. Vulnerabilities
  3. CVE-2012-4193

CVE-2012-4193

CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 2.25 % (90th)
2.25% Progress
Affected Products 13
Advisories 7
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.

Weaknesses
CWE-346
Origin Validation Error
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2012-10-12 10:44:20
(12 years ago)
Updated Date
2020-08-14 18:07:29
(4 years ago)

Affected Products

Canonical

Mozilla

Redhat

Suse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 16.0.1 version cpe:2.3:a:mozilla:firefox < 16.0.1
  Mozilla Firefox Esr from 10.0 version and prior 10.0.9 version cpe:2.3:a:mozilla:firefox_esr >= 10.0 < 10.0.9
  Mozilla Seamonkey prior 2.13.1 version cpe:2.3:a:mozilla:seamonkey < 2.13.1
  Mozilla Thunderbird prior 16.0.1 version cpe:2.3:a:mozilla:thunderbird < 16.0.1
  Mozilla Thunderbird Esr from 10.0 version and prior 10.0.9 version cpe:2.3:a:mozilla:thunderbird_esr >= 10.0 < 10.0.9

Configuration #2

    CPE23 From Up To
  Suse Linux Enterprise Desktop 10 SP4 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4
  Suse Linux Enterprise Desktop 11 SP2 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2
  Suse Linux Enterprise Server 10 SP4 cpe:2.3:o:suse:linux_enterprise_server:10:sp4
  Suse Linux Enterprise Server 11 SP2 For cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-
  Suse Linux Enterprise Server 11 SP2 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware
  Suse Linux Enterprise Software Development Kit 10 SP4 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-
  Canonical Ubuntu Linux 11.04 cpe:2.3:o:canonical:ubuntu_linux:11.04
  Canonical Ubuntu Linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Eus 6.3 cpe:2.3:o:redhat:enterprise_linux_eus:6.3
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0