Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2012-4195

Disclosure Date: October 29, 2012 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

canonical,
mozilla,
opensuse,
redhat,
suse

Products

enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux eus 6.3,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
firefox,
firefox esr,
linux enterprise desktop 10,
linux enterprise desktop 11,
linux enterprise server 10,
linux enterprise server 11,
linux enterprise software development kit 10,
linux enterprise software development kit 11,
opensuse 11.4,
opensuse 12.1,
opensuse 12.2,
seamonkey,
thunderbird,
thunderbird esr,
ubuntu linux 10.04,
ubuntu linux 11.04,
ubuntu linux 11.10,
ubuntu linux 12.04,
ubuntu linux 12.10

References

Canonical

CVE-2012-4195 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195)

BID-56302 (http://www.securityfocus.com/bid/56302)

Advisory

SECUNIA-51144 (http://secunia.com/advisories/51144)

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html

SECUNIA-51123 (http://secunia.com/advisories/51123)

https://bugzilla.mozilla.org/show_bug.cgi?id=793121

SECUNIA-51121 (http://secunia.com/advisories/51121)

SECUNIA-51147 (http://secunia.com/advisories/51147)

USN-1620-1 (http://www.ubuntu.com/usn/USN-1620-1)

http://rhn.redhat.com/errata/RHSA-2012-1407.html

SECUNIA-51127 (http://secunia.com/advisories/51127)

SECUNIA-55318 (http://secunia.com/advisories/55318)

http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856

USN-1620-2 (http://www.ubuntu.com/usn/USN-1620-2)

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html

SECUNIA-51165 (http://secunia.com/advisories/51165)

http://rhn.redhat.com/errata/RHSA-2012-1413.html

SECUNIA-51146 (http://secunia.com/advisories/51146)

Rapid7

Technical Analysis