CVE-2012-4196

Sažetak

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html
http://rhn.redhat.com/errata/RHSA-2012-1407.html
http://rhn.redhat.com/errata/RHSA-2012-1413.html
http://secunia.com/advisories/51121
http://secunia.com/advisories/51123
http://secunia.com/advisories/51127
http://secunia.com/advisories/51144
http://secunia.com/advisories/51146
http://secunia.com/advisories/51147
http://secunia.com/advisories/51165
http://secunia.com/advisories/55318
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://www.securityfocus.com/bid/56306
http://www.ubuntu.com/usn/USN-1620-1
http://www.ubuntu.com/usn/USN-1620-2
https://bugzilla.mozilla.org/show_bug.cgi?id=802557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

21-10-2024 - 13:55

Objavljeno

29-10-2012 - 18:55