CVE-2012-4195 iceweasel

Metadata

medium
5.1
iceweasel
CVE-2012-4195
2017-11-24 00:46
Critical CentOS firefox Update
Important CentOS thunderbird Update
CVE-2012-4195 icedove
CVE-2012-4195
2017-06-16 19:00
2017-04-01 19:35
2017-01-05 17:47

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
wheezy iceweasel