CVE-2012-4195Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting7 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 23.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+10 more
Timeline
PublishedOct 29
Latest updateMay 13

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on beh

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages11 packages

NVDmozilla/firefox< 10.0.10+1
NVDmozilla/thunderbird< 16.0.2
NVDmozilla/seamonkey< 2.13.2
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04, 12.10, Enterprise Linux 6.3

🔴Vulnerability Details

2
GHSA
GHSA-44cp-4449-xfm3: The nsLocation::CheckURL function in Mozilla Firefox before 162022-05-13
CVEList
CVE-2012-4195: The nsLocation::CheckURL function in Mozilla Firefox before 162012-10-29

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-10-30
Ubuntu
Firefox vulnerabilities2012-10-26
Red Hat
Mozilla: Fixes for Location object issues (MFSA 2012-90)2012-10-26

💬Community

1
Bugzilla
CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 Mozilla: Fixes for Location object issues (MFSA 2012-90)2012-10-25
CVE-2012-4195 — Cross-site Scripting in Mozilla Firefox | cvebase