Vulnerabilities > CVE-2012-4193 - Origin Validation Error vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- JSON Hijacking (aka JavaScript Hijacking) An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server. There is nothing in the browser's security model to prevent the attackers' malicious JavaScript code (originating from attacker's domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system's domain), read its contents and transmit to the attackers' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.
- Cache Poisoning An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
- DNS Cache Poisoning A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
- Exploitation of Session Variables, Resource IDs and other Trusted Credentials Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
- Application API Message Manipulation via Man-in-the-Middle An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system. Despite the use of MITM software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Man-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1362.NASL description From Red Hat Security Advisory 2012:1362 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-07-12 plugin id 68639 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68639 title Oracle Linux 6 : thunderbird (ELSA-2012-1362) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1362 and # Oracle Linux Security Advisory ELSA-2012-1362 respectively. # include("compat.inc"); if (description) { script_id(68639); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2012-4193"); script_bugtraq_id(55889); script_xref(name:"RHSA", value:"2012:1362"); script_name(english:"Oracle Linux 6 : thunderbird (ELSA-2012-1362)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:1362 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003078.html" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"thunderbird-10.0.8-2.0.1.el6_3", allowmaj:TRUE)) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_16_0_1.NASL description The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function last seen 2020-06-01 modified 2020-06-02 plugin id 62585 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62585 title Firefox < 16.0.1 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62585); script_version("1.12"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193"); script_bugtraq_id(56153, 56154, 56155); script_name(english:"Firefox < 16.0.1 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)"); # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4"); # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 16.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_firefox_installed.nasl"); script_require_keys("MacOSX/Firefox/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Firefox"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.'); mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'16.0.1', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);NASL family Windows NASL id MOZILLA_FIREFOX_1601.NASL description The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function last seen 2020-06-01 modified 2020-06-02 plugin id 62589 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62589 title Firefox < 16.0.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62589); script_version("1.11"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193"); script_bugtraq_id(56153, 56154, 56155); script_name(english:"Firefox < 16.0.1 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)"); # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4"); # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 16.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'16.0.1', severity:SECURITY_HOLE, xss:TRUE);NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_16_0_1.NASL description The installed version of Thunderbird is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function last seen 2020-06-01 modified 2020-06-02 plugin id 62587 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62587 title Thunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62587); script_version("1.11"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-4191", "CVE-2012-4192", "CVE-2012-4193"); script_bugtraq_id(56153, 56154, 56155); script_name(english:"Thunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a mail client that is potentially affected by several vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)"); # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4"); # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/"); script_set_attribute(attribute:"solution", value: "Upgrade to Thunderbird 16.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4191"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_thunderbird_installed.nasl"); script_require_keys("MacOSX/Thunderbird/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Thunderbird"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'16.0.1', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);NASL family Windows NASL id MOZILLA_FIREFOX_1009.NASL description The installed version of Firefox 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 62588 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62588 title Firefox 10.x < 10.0.9 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62588); script_version("1.11"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-4192", "CVE-2012-4193"); script_bugtraq_id(56154, 56155); script_name(english:"Firefox 10.x < 10.0.9 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)"); # http://www.thespanner.co.uk/2012/10/10/firefox-knows-what-your-friends-did-last-summer/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8993e6b4"); # https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc43f3c3"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 10.0.9 ESR or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4193"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.9', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);NASL family SuSE Local Security Checks NASL id SUSE_SU-2012-1351-1.NASL description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2015-05-20 plugin id 83562 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83562 title SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1) NASL family Windows NASL id SEAMONKEY_2131.NASL description The installed version of SeaMonkey is earlier than 2.13.1. As such, it is potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function last seen 2020-06-01 modified 2020-06-02 plugin id 62592 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62592 title SeaMonkey < 2.13.1 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_1601.NASL description The installed version of Thunderbird is earlier than 16.0.1. It is, therefore, potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function last seen 2020-06-01 modified 2020-06-02 plugin id 62591 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62591 title Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6E5A9AFD12D311E2B47DC8600054B392.NASL description The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks MFSA 2012-78 Reader Mode pages have chrome privileges MFSA 2012-79 DOS and crash with full screen and history navigation MFSA 2012-80 Crash with invalid cast when using instanceof operator MFSA 2012-81 GetProperty function can bypass security checks MFSA 2012-82 top object and location property accessible by plugins MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties MFSA 2012-84 Spoofing and script injection through location.hash MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer MFSA 2012-87 Use-after-free in the IME State Manager MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1) MFSA 2012-89 defaultValue security checks not applied last seen 2020-06-01 modified 2020-06-02 plugin id 62490 published 2012-10-11 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62490 title FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392) NASL family Windows NASL id MOZILLA_THUNDERBIRD_1009.NASL description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 62590 published 2012-10-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62590 title Mozilla Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-709.NASL description The Mozilla suite received following security updates (bnc#783533) : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards - MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards - MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks - MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain - MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks - MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation - MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator - MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks - MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins - MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties - MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash - MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer - MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer - MFSA 2012-87/CVE-2012-3990 (bmo#787704) last seen 2020-06-05 modified 2014-06-13 plugin id 74779 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74779 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1362.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2012-10-15 plugin id 62542 published 2012-10-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62542 title RHEL 5 / 6 : thunderbird (RHSA-2012:1362) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1362.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2012-10-15 plugin id 62522 published 2012-10-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62522 title CentOS 5 / 6 : thunderbird (CESA-2012:1362) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1361.NASL description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62541 published 2012-10-15 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62541 title RHEL 5 / 6 : xulrunner (RHSA-2012:1361) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_10_0_9.NASL description The installed version of Firefox is earlier than 10.0.9 and thus, is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 62584 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62584 title Firefox < 10.0.9 Multiple Vulnerabilities (Mac OS X) NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-201210-121015.NASL description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2013-01-25 plugin id 64133 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64133 title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1361.NASL description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62521 published 2012-10-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62521 title CentOS 5 / 6 : xulrunner (CESA-2012:1361) NASL family Scientific Linux Local Security Checks NASL id SL_20121012_XULRUNNER_ON_SL5_X.NASL description A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-03-18 modified 2012-10-16 plugin id 62556 published 2012-10-16 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62556 title Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20121012) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_10_0_9.NASL description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 62586 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62586 title Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities (Mac OS X) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1361.NASL description From Red Hat Security Advisory 2012:1361 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68638 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68638 title Oracle Linux 5 / 6 : xulrunner (ELSA-2012-1361) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1611-1.NASL description Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989, CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the <select> element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984) Collin Jackson discovered that Thunderbird did not properly follow the HTML5 specification for document.domain behavior. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution. (CVE-2012-3985) Johnny Stenback discovered that Thunderbird did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986) Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page and had JavaScript enabled, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991) Mariusz Mlynski discovered a history state error in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992) Mariusz Mlynski and others discovered several flaws in Thunderbird that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit these to modify the contents, or steal confidential data, within the same domain. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184) Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Thunderbird when using the Address Sanitizer tool. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) It was discovered that Thunderbird allowed improper access to the Location object. An attacker could exploit this to obtain sensitive information. Under certain circumstances, a remote attacker could use this vulnerability to potentially execute arbitrary code as the user invoking the program. (CVE-2012-4192, CVE-2012-4193). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62548 published 2012-10-15 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62548 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1) NASL family SuSE Local Security Checks NASL id SUSE_FIREFOX-201210-8327.NASL description MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY last seen 2020-06-05 modified 2012-10-17 plugin id 62573 published 2012-10-17 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62573 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)
Oval
| accepted | 2014-10-06T04:02:05.626-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| description | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:16786 | ||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2013-05-13T10:26:26.748+04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| title | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||||||||||||||||||||||||||||||||||||||||||||||||
| version | 37 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
- http://rhn.redhat.com/errata/RHSA-2012-1361.html
- http://rhn.redhat.com/errata/RHSA-2012-1362.html
- http://secunia.com/advisories/50904
- http://secunia.com/advisories/50906
- http://secunia.com/advisories/50907
- http://secunia.com/advisories/50964
- http://secunia.com/advisories/50984
- http://secunia.com/advisories/55318
- http://www.mozilla.org/security/announce/2012/mfsa2012-89.html
- http://www.ubuntu.com/usn/USN-1611-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=720619
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79211
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16786