CVE-2012-3985 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 23.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

6

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +3 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDmozilla/firefox< 16.0

▶NVDmozilla/seamonkey< 2.13

▶NVDmozilla/thunderbird< 16.0

▶NVDsuse/linux_enterprise_server10, 11+1

▶NVDsuse/linux_enterprise_desktop10, 11+1

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04

🔴Vulnerability Details

2

GHSA

GHSA-h2cq-jrvg-h8x6: Mozilla Firefox before 16↗2022-05-13

▶

CVEList

CVE-2012-3985: Mozilla Firefox before 16↗2012-10-10

▶

📋Vendor Advisories

3

Ubuntu

Thunderbird vulnerabilities↗2012-10-12

▶

Red Hat

Mozilla: Continued access to initial origin after setting document.domain can lead to XSS attacks (MFSA 2012-76)↗2012-10-09

▶

Ubuntu

Firefox vulnerabilities↗2012-10-09

▶

💬Community

1

Bugzilla

CVE-2012-3985 Mozilla: Continued access to initial origin after setting document.domain can lead to XSS attacks (MFSA 2012-76)↗2012-10-06

▶

CVE-2012-3985 — Cross-site Scripting in Mozilla Firefox | cvebase