Home > Vulnerability Database > CVE-2012-4195

Mend.io Vulnerability Database

CVE-2012-4195

Date: October 29, 2012

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Severity Score

3.7

Related Resources (22)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856

Url: http://secunia.com/advisories/51146

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4195

Url: http://secunia.com/advisories/51123

Url: http://secunia.com/advisories/51144

Url: http://secunia.com/advisories/51121

Url: http://rhn.redhat.com/errata/RHSA-2012-1407.html

Url: http://secunia.com/advisories/55318

Url: http://www.ubuntu.com/usn/USN-1620-2

Url: http://secunia.com/advisories/51165

Url: http://rhn.redhat.com/errata/RHSA-2012-1413.html

Url: https://access.redhat.com/security/cve/CVE-2012-4195

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

Url: http://secunia.com/advisories/51127

Url: http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=793121

Url: http://secunia.com/advisories/51147

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4195

Url: http://www.ubuntu.com/usn/USN-1620-1

Url: http://www.securityfocus.com/bid/56302

Url: http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-4195

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4195

Date: October 29, 2012

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?