Vulnerability Description
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 10.0.11 |
| Mozilla | Seamonkey | < 2.14 |
| Mozilla | Thunderbird | < 17.0 |
| Mozilla | Thunderbird Esr | < 10.0.11 |
| Opensuse | Opensuse | 11.4 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
| Suse | Linux Enterprise Software Development Kit | 10 |
| Canonical | Ubuntu Linux | 10.04 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Eus | 6.3 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing ListThird Party Advisory
- http://osvdb.org/87588Broken Link
- http://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
- http://secunia.com/advisories/51359Third Party Advisory
- http://secunia.com/advisories/51360Third Party Advisory
- http://secunia.com/advisories/51369Third Party Advisory
- http://secunia.com/advisories/51370Third Party Advisory
- http://secunia.com/advisories/51381Third Party Advisory
- http://secunia.com/advisories/51434Third Party Advisory
- http://secunia.com/advisories/51439Third Party Advisory
FAQ
What is CVE-2012-5841?
CVE-2012-5841 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering b...
How severe is CVE-2012-5841?
CVE-2012-5841 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5841?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Mozilla Thunderbird Esr, Opensuse Opensuse.