4.3

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 10.0.10
MozillaFirefox Version < 16.0.2
MozillaSeamonkey Version < 2.13.2
MozillaThunderbird Version < 16.0.2
MozillaThunderbird Esr Version < 10.0.10
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
SuseLinux Enterprise Desktop Version10 Updatesp4
SuseLinux Enterprise Desktop Version11 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp4
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatformvmware
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
RedhatEnterprise Linux Eus Version6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.9% 0.77
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/55318
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2012-1407.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1413.html
Third Party Advisory
http://secunia.com/advisories/51121
Third Party Advisory
http://secunia.com/advisories/51123
Third Party Advisory
http://secunia.com/advisories/51127
Third Party Advisory
http://secunia.com/advisories/51144
Third Party Advisory
http://secunia.com/advisories/51146
Third Party Advisory
http://secunia.com/advisories/51147
Third Party Advisory
http://secunia.com/advisories/51165
Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
Vendor Advisory
http://www.ubuntu.com/usn/USN-1620-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-1620-2
Third Party Advisory
http://www.securityfocus.com/bid/56302
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=793121
Vendor Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856
Third Party Advisory