CVE-2012-4195

NONECVSS 0.0

0.0

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

🔗 References (36)

cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2012-1407.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2012-1413.html
cve@mitrehttp://secunia.com/advisories/51121
cve@mitrehttp://secunia.com/advisories/51123
cve@mitrehttp://secunia.com/advisories/51127
cve@mitrehttp://secunia.com/advisories/51144
cve@mitrehttp://secunia.com/advisories/51146
cve@mitrehttp://secunia.com/advisories/51147
cve@mitrehttp://secunia.com/advisories/51165
cve@mitrehttp://secunia.com/advisories/55318
cve@mitrehttp://www.mozilla.org/security/announce/2012/mfsa2012-90.html
cve@mitrehttp://www.securityfocus.com/bid/56302
cve@mitrehttp://www.ubuntu.com/usn/USN-1620-1

Is Your Infrastructure Affected by CVE-2012-4195?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-4195

📅 Published

🔄 Last Modified

🔗 References (36)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-4195?