CVE-2012-4194 — MEDIUM (4.3)

Q: How severe is CVE-2012-4194?

CVE-2012-4194 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4194?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Mozilla Thunderbird Esr, Opensuse Opensuse.

Vulnerability Description

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	< 16.0.2
Mozilla	Seamonkey	< 2.13.2
Mozilla	Thunderbird	< 16.0.2
Mozilla	Thunderbird Esr	>= 10.0, < 10.0.10
Opensuse	Opensuse	11.4
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	10
Canonical	Ubuntu Linux	10.04
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.3
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-79

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1407.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1413.htmlThird Party Advisory
http://secunia.com/advisories/51121Third Party Advisory
http://secunia.com/advisories/51123Third Party Advisory
http://secunia.com/advisories/51127Third Party Advisory
http://secunia.com/advisories/51144Third Party Advisory
http://secunia.com/advisories/51146Third Party Advisory
http://secunia.com/advisories/51147Third Party Advisory
http://secunia.com/advisories/51165Third Party Advisory
http://secunia.com/advisories/55318Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-90.htmlVendor Advisory
http://www.securityfocus.com/bid/56301Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1620-1Third Party Advisory

FAQ

What is CVE-2012-4194?

CVE-2012-4194 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to ...

How severe is CVE-2012-4194?

CVE-2012-4194 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4194?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Mozilla Thunderbird Esr, Opensuse Opensuse.