Home > Vulnerability Database > CVE-2012-4205

Mend.io Vulnerability Database

CVE-2012-4205

Date: November 21, 2012

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.

Severity Score

5.6

Related Resources (23)

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4205

Url: http://www.ubuntu.com/usn/USN-1638-3

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16965

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

Url: http://secunia.com/advisories/51370

Url: http://secunia.com/advisories/51381

Url: http://secunia.com/advisories/51440

Url: http://www.ubuntu.com/usn/USN-1638-2

Url: http://www.ubuntu.com/usn/USN-1638-1

Url: http://secunia.com/advisories/51369

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4205

Url: http://secunia.com/advisories/51434

Url: http://www.ubuntu.com/usn/USN-1636-1

Url: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

Url: http://secunia.com/advisories/51439

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=779821

Url: http://www.securityfocus.com/bid/56621

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

Url: http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-97.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/80175

Url: https://www.mend.io/vulnerability-database/CVE-2012-4205

Severity Score

5.6

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4205

Date: November 21, 2012

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?