CVE-2012-3994

General

Score: 4.3/10.0
Severity: Low
Category: XSS Injection
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2012-1956, CVE-2012-3977, CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3987, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193

Published on 10/10/12 - Updated on 19/09/17

Description

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.

Category: XSS Injection

CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Security Notices

US National Vulnerability Database CVE-2012-3994
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2012-AVI-561, CERTA-2013-AVI-590
CentOS CESA-2012:1350, CESA-2012:1351
Mozilla MFSA2012-82
Red Hat RHSA-2012:1350, RHSA-2012:1351
Renater 2012/VULN408
SUSE SUSE-SU-2012:1351
Ubuntu USN-1600-1, USN-1611-1

Exploits

SecurityFocus BID-56118

Related technologies

Vendor Product
mozilla firefox
mozilla firefox_esr
mozilla seamonkey
mozilla thunderbird
mozilla thunderbird_esr
