Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE |
Information
Published : 2012-10-12 10:44
Updated : 2024-10-21 13:55
NVD link : CVE-2012-4193
Mitre link : CVE-2012-4193
CVE.ORG link : CVE-2012-4193
JSON object : View
Products Affected
mozilla
- seamonkey
- thunderbird
- thunderbird_esr
- firefox
canonical
- ubuntu_linux
suse
- linux_enterprise_server
- linux_enterprise_software_development_kit
- linux_enterprise_desktop
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_desktop
CWE
CWE-346
Origin Validation Error