CVE-2012-3985

EPSS 0.92%
Published 10.10.2012 17:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 16.0

Mozilla ≫ Seamonkey Version < 2.13

Mozilla ≫ Thunderbird Version < 16.0

Canonical ≫ Ubuntu Linux Version10.04

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.92%	0.74

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/50856

Broken Link

http://secunia.com/advisories/50892

Broken Link

http://secunia.com/advisories/50904

Broken Link

http://secunia.com/advisories/50935

Broken Link

http://secunia.com/advisories/50984