Home > Vulnerability Database > CVE-2012-4201

Mend.io Vulnerability Database

CVE-2012-4201

Date: November 21, 2012

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.

Severity Score

3.7

Related Resources (33)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995

Url: https://access.redhat.com/security/cve/CVE-2012-4201

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

Url: http://www.ubuntu.com/usn/USN-1638-3

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

Url: http://www.debian.org/security/2012/dsa-2584

Url: http://www.debian.org/security/2012/dsa-2583

Url: http://secunia.com/advisories/51370

Url: http://www.debian.org/security/2012/dsa-2588

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4201

Url: http://www.ubuntu.com/usn/USN-1638-2

Url: http://secunia.com/advisories/51359

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=747607

Url: http://www.ubuntu.com/usn/USN-1638-1

Url: http://secunia.com/advisories/51434

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4201

Url: http://www.ubuntu.com/usn/USN-1636-1

Url: http://secunia.com/advisories/51439

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-93.html

Url: http://rhn.redhat.com/errata/RHSA-2012-1482.html

Url: http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

Url: http://www.securityfocus.com/bid/56618

Url: http://osvdb.org/87594

Url: http://secunia.com/advisories/51360

Url: http://secunia.com/advisories/51381

Url: http://secunia.com/advisories/51440

Url: http://secunia.com/advisories/51369

Url: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

Url: http://rhn.redhat.com/errata/RHSA-2012-1483.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/80171

Url: https://www.mend.io/vulnerability-database/CVE-2012-4201

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4201

Date: November 21, 2012

Severity Score

Related Resources (33)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?