CVE-2012-4208
N/A
N/A
Summary
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.ubuntu.com/usn/USN-1638-3
- http://secunia.com/advisories/51370
- http://www.ubuntu.com/usn/USN-1638-2
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
- http://www.ubuntu.com/usn/USN-1636-1
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
- http://secunia.com/advisories/51434
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
- http://secunia.com/advisories/51439
- http://secunia.com/advisories/51440
- http://www.ubuntu.com/usn/USN-1638-1
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16695
- http://secunia.com/advisories/51381
- http://www.securityfocus.com/bid/56627
- https://bugzilla.mozilla.org/show_bug.cgi?id=798264
- http://secunia.com/advisories/51369
References
- http://www.ubuntu.com/usn/USN-1638-3
- http://secunia.com/advisories/51370
- http://www.ubuntu.com/usn/USN-1638-2
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
- http://www.ubuntu.com/usn/USN-1636-1
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
- http://secunia.com/advisories/51434
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
- http://secunia.com/advisories/51439
- http://secunia.com/advisories/51440
- http://www.ubuntu.com/usn/USN-1638-1
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16695
- http://secunia.com/advisories/51381
- http://www.securityfocus.com/bid/56627
- https://bugzilla.mozilla.org/show_bug.cgi?id=798264
- http://secunia.com/advisories/51369
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.