Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-4192
Last Modified 02 Nov 2013 11:26:50
Published 12 Oct 2012 06:44:20
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4192

Summary

Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.

Vulnerable Systems

Application

  • Mozilla Firefox 16.0

  • Mozilla SeaMonkey 2.13

  • Mozilla Thunderbird 16.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=799952

MISC - http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-89.html

UBUNTU - USN-1608-1

XF - mozilla-sop-security-bypass(79210)

UBUNTU - USN-1611-1

SUSE - SUSE-SU-2012:1351

SECUNIA - 50929

SECUNIA - 50984

SECUNIA - 50904

SECUNIA - 55318

Related Patches

Novell SUSE 2012:6951 firefox-201210 security update for SLE 11 SP2 i586

Novell SUSE 2012:6951 firefox-201210 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8327 firefox-201210 security update for SLE 10 SP4 i586

Novell SUSE 2012:8327 firefox-201210 security update for SLE 10 SP4 x86_64

Mozilla Firefox ESR 10.0.10 for Mac OS X (Update) (See Note)

Mozilla Firefox 16.0.1 for Mac OS X (Update) (See Note)

Mozilla Firefox ESR (en-us) 10.0.10 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 10:53:36