Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-3985

Disclosure Date: October 10, 2012
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

Technical Analysis