6.8
CVE-2012-4205
- EPSS 1.61%
- Veröffentlicht 21.11.2012 12:55:01
- Zuletzt bearbeitet 16.06.2026 23:44:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 17.0
Canonical ≫ Ubuntu Linux Version10.04
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version12.10
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.61% | 0.728 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
http://www.securityfocus.com/bid/56621
https://bugzilla.mozilla.org/show_bug.cgi?id=779821
https://exchange.xforce.ibmcloud.com/vulnerabilities/80175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16965