Vulnerability Description
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 16.0 |
| Mozilla | SeaMonkey | 2.13 |
| Mozilla | Thunderbird | 16.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
- http://secunia.com/advisories/50904
- http://secunia.com/advisories/50929
- http://secunia.com/advisories/50984
- http://secunia.com/advisories/55318
- http://www.mozilla.org/security/announce/2012/mfsa2012-89.html (Vendor Advisory)
- http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last- (Exploit)
- http://www.ubuntu.com/usn/USN-1608-1
- http://www.ubuntu.com/usn/USN-1611-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=799952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79210
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-4192?
CVE-2012-4192 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue ...
How severe is CVE-2012-4192?
CVE-2012-4192 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4192?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla SeaMonkey, Mozilla Thunderbird.