4.3

CVE-2012-4194

Exploit
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 16.0.2
MozillaFirefox Version >= 10.0 < 10.0.10
MozillaSeamonkey Version < 2.13.2
MozillaThunderbird Version < 16.0.2
MozillaThunderbird Esr Version >= 10.0 < 10.0.10
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
SuseLinux Enterprise Desktop Version10 Updatesp4
SuseLinux Enterprise Desktop Version11 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp4
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatformvmware
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
RedhatEnterprise Linux Eus Version6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.84% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/55318
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2012-1407.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1413.html
Third Party Advisory
http://secunia.com/advisories/51121
Third Party Advisory
http://secunia.com/advisories/51123
Third Party Advisory
http://secunia.com/advisories/51127
Third Party Advisory
http://secunia.com/advisories/51144
Third Party Advisory
http://secunia.com/advisories/51146
Third Party Advisory
http://secunia.com/advisories/51147
Third Party Advisory
http://secunia.com/advisories/51165
Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
Vendor Advisory
http://www.securityfocus.com/bid/56301
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1620-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-1620-2
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=800666
Patch
Vendor Advisory
Exploit
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16918
Third Party Advisory