Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-3993 — Improper Privilege Management in Mozilla Firefox
Severity
9.3CRITICALNVD
EPSS
80.8%
top 0.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 10
Latest updateMay 13
Description
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages4 packages
🔴Vulnerability Details
2💥Exploits & PoCs
1Exploit-DB
▶
🔍Detection Rules
1📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2012-3993 CVE-2012-4184 Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83)↗2012-10-06