CVE-2012-4196

Metadata

medium
5.0
firefox, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0
CVE-2012-4196
cve.mitre.org, mozilla.org, ubuntu.com, ubuntu.com, bugs.launchpad.net
2012-10-26
2017-06-16 19:00
Critical CentOS firefox Update
Important CentOS thunderbird Update
CVE-2012-4196 iceweasel
CVE-2012-4196 icedove
2017-06-15 00:13
2017-04-01 20:26
2017-01-05 18:50

Description

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release   Package      Patched in
devel     firefox      17.0~b1+build1-0ubuntu1
devel     thunderbird  17.0~b3+build1-0ubuntu1
lucid     firefox      16.0.2+build1-0ubuntu0.10.04.1
lucid     thunderbird  16.0.2+build1-0ubuntu0.10.04.1
natty     firefox      16.0.2+build1-0ubuntu0.11.04.1
oneiric   firefox      16.0.2+build1-0ubuntu0.11.10.1
oneiric   thunderbird  16.0.2+build1-0ubuntu0.11.10.1
precise   firefox      16.0.2+build1-0ubuntu0.12.04.1
precise   thunderbird  16.0.2+build1-0ubuntu0.12.04.1
quantal   firefox      16.0.2+build1-0ubuntu0.12.10.1
quantal   thunderbird  16.0.2+build1-0ubuntu0.12.10.1
raring    firefox      17.0~b1+build1-0ubuntu1
raring    thunderbird  17.0~b3+build1-0ubuntu1
saucy     firefox      17.0~b1+build1-0ubuntu1
saucy     thunderbird  17.0~b3+build1-0ubuntu1
upstream  firefox      16.0.2
upstream  seamonkey    2.13.2
upstream  thunderbird  16.0.2

Unaffected

Release   Package          Reason
hardy     firefox          ignored
hardy     xulrunner-1.9.2  ignored
hardy     xulrunner-2.0    DNE
hardy     seamonkey        ignored
hardy     thunderbird      ignored
lucid     xulrunner-1.9.2  ignored
lucid     xulrunner-2.0    DNE
lucid     seamonkey        ignored
natty     xulrunner-1.9.2  ignored
natty     xulrunner-2.0    ignored
natty     seamonkey        ignored
natty     thunderbird      ignored
oneiric   xulrunner-1.9.2  DNE
oneiric   xulrunner-2.0    DNE
oneiric   seamonkey        ignored
precise   xulrunner-1.9.2  DNE
precise   xulrunner-2.0    DNE
precise   seamonkey        DNE
quantal   xulrunner-1.9.2  DNE
quantal   xulrunner-2.0    DNE
quantal   seamonkey        DNE
raring    xulrunner-1.9.2  DNE
raring    xulrunner-2.0    DNE
raring    seamonkey        DNE
saucy     xulrunner-1.9.2  DNE
saucy     xulrunner-2.0    DNE
saucy     seamonkey        DNE
devel     xulrunner-1.9.2  DNE
devel     xulrunner-2.0    DNE
devel     seamonkey        DNE

Needs Triage

Release   Package          Reason
upstream  xulrunner-1.9.2  needs-triage
upstream  xulrunner-2.0    needs-triage