CVE-2012-4195

Metadata

medium
5.1
firefox, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0
CVE-2012-4195
cve.mitre.org, mozilla.org, ubuntu.com, ubuntu.com, bugs.launchpad.net
2012-10-26
2017-06-16 19:00
Critical CentOS firefox Update
Important CentOS thunderbird Update
CVE-2012-4195 iceweasel
CVE-2012-4195 icedove
2017-06-14 23:53
2017-04-01 20:14
2017-01-05 18:36

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.

Affected package information

Release   Package      Patched in
devel     firefox      17.0~b1+build1-0ubuntu1
devel     thunderbird  17.0~b3+build1-0ubuntu1
lucid     firefox      16.0.2+build1-0ubuntu0.10.04.1
lucid     thunderbird  16.0.2+build1-0ubuntu0.10.04.1
natty     firefox      16.0.2+build1-0ubuntu0.11.04.1
oneiric   firefox      16.0.2+build1-0ubuntu0.11.10.1
oneiric   thunderbird  16.0.2+build1-0ubuntu0.11.10.1
precise   firefox      16.0.2+build1-0ubuntu0.12.04.1
precise   thunderbird  16.0.2+build1-0ubuntu0.12.04.1
quantal   firefox      16.0.2+build1-0ubuntu0.12.10.1
quantal   thunderbird  16.0.2+build1-0ubuntu0.12.10.1
raring    firefox      17.0~b1+build1-0ubuntu1
raring    thunderbird  17.0~b3+build1-0ubuntu1
saucy     firefox      17.0~b1+build1-0ubuntu1
saucy     thunderbird  17.0~b3+build1-0ubuntu1
upstream  firefox      16.0.2
upstream  seamonkey    2.13.2
upstream  thunderbird  16.0.2

Unaffected

Release   Package          Reason
hardy     firefox          ignored
hardy     xulrunner-1.9.2  ignored
hardy     xulrunner-2.0    DNE
hardy     seamonkey        ignored
hardy     thunderbird      ignored
lucid     xulrunner-1.9.2  ignored
lucid     xulrunner-2.0    DNE
lucid     seamonkey        ignored
natty     xulrunner-1.9.2  ignored
natty     xulrunner-2.0    ignored
natty     seamonkey        ignored
natty     thunderbird      ignored
oneiric   xulrunner-1.9.2  DNE
oneiric   xulrunner-2.0    DNE
oneiric   seamonkey        ignored
precise   xulrunner-1.9.2  DNE
precise   xulrunner-2.0    DNE
precise   seamonkey        DNE
quantal   xulrunner-1.9.2  DNE
quantal   xulrunner-2.0    DNE
quantal   seamonkey        DNE
raring    xulrunner-1.9.2  DNE
raring    xulrunner-2.0    DNE
raring    seamonkey        DNE
saucy     xulrunner-1.9.2  DNE
saucy     xulrunner-2.0    DNE
saucy     seamonkey        DNE
devel     xulrunner-1.9.2  DNE
devel     xulrunner-2.0    DNE
devel     seamonkey        DNE

Needs Triage

Release   Package          Reason
upstream  xulrunner-1.9.2  needs-triage
upstream  xulrunner-2.0    needs-triage