ID CVE-2012-4193
Summary Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
References
Vulnerable Configurations
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla Firefox Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:firefox_esr:10.0.5
  • Mozilla Firefox Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:firefox_esr:10.0.6
  • Mozilla Firefox Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:firefox_esr:10.0.7
  • Mozilla Firefox Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:firefox_esr:10.0.8
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.3
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.4
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.7
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.5
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:thunderbird_esr:10.0
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.6
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.8
  • Mozilla SeaMonkey 2.13 beta1
    cpe:2.3:a:mozilla:seamonkey:2.13:beta1
  • Mozilla SeaMonkey 2.13 beta2
    cpe:2.3:a:mozilla:seamonkey:2.13:beta2
  • Mozilla SeaMonkey 2.13 beta3
    cpe:2.3:a:mozilla:seamonkey:2.13:beta3
  • Mozilla SeaMonkey 2.13 beta4
    cpe:2.3:a:mozilla:seamonkey:2.13:beta4
  • Mozilla SeaMonkey 2.13 beta5
    cpe:2.3:a:mozilla:seamonkey:2.13:beta5
  • Mozilla SeaMonkey 2.13 beta6
    cpe:2.3:a:mozilla:seamonkey:2.13:beta6
  • Mozilla SeaMonkey 2.12.1
    cpe:2.3:a:mozilla:seamonkey:2.12.1
  • Mozilla SeaMonkey 2.12 beta5
    cpe:2.3:a:mozilla:seamonkey:2.12:beta5
  • Mozilla SeaMonkey 2.12 beta6
    cpe:2.3:a:mozilla:seamonkey:2.12:beta6
  • Mozilla SeaMonkey 2.12 beta3
    cpe:2.3:a:mozilla:seamonkey:2.12:beta3
  • Mozilla SeaMonkey 2.12 beta4
    cpe:2.3:a:mozilla:seamonkey:2.12:beta4
  • Mozilla SeaMonkey 2.12 beta1
    cpe:2.3:a:mozilla:seamonkey:2.12:beta1
  • Mozilla SeaMonkey 2.12 beta2
    cpe:2.3:a:mozilla:seamonkey:2.12:beta2
  • Mozilla SeaMonkey 2.12
    cpe:2.3:a:mozilla:seamonkey:2.12
  • Mozilla SeaMonkey 2.11 beta4
    cpe:2.3:a:mozilla:seamonkey:2.11:beta4
  • Mozilla SeaMonkey 2.11 beta3
    cpe:2.3:a:mozilla:seamonkey:2.11:beta3
  • Mozilla SeaMonkey 2.11 beta2
    cpe:2.3:a:mozilla:seamonkey:2.11:beta2
  • Mozilla SeaMonkey 2.11 beta1
    cpe:2.3:a:mozilla:seamonkey:2.11:beta1
  • Mozilla SeaMonkey 2.11 beta6
    cpe:2.3:a:mozilla:seamonkey:2.11:beta6
  • Mozilla SeaMonkey 2.11 beta5
    cpe:2.3:a:mozilla:seamonkey:2.11:beta5
  • Mozilla SeaMonkey 2.11
    cpe:2.3:a:mozilla:seamonkey:2.11
  • Mozilla SeaMonkey 2.10.1
    cpe:2.3:a:mozilla:seamonkey:2.10.1
  • Mozilla SeaMonkey 2.10 beta3
    cpe:2.3:a:mozilla:seamonkey:2.10:beta3
  • Mozilla SeaMonkey 2.10 beta2
    cpe:2.3:a:mozilla:seamonkey:2.10:beta2
  • Mozilla SeaMonkey 2.10 beta1
    cpe:2.3:a:mozilla:seamonkey:2.10:beta1
  • Mozilla SeaMonkey 2.10
    cpe:2.3:a:mozilla:seamonkey:2.10
  • Mozilla SeaMonkey 2.9 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.9:beta2
  • Mozilla SeaMonkey 2.9 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.9:beta1
  • Mozilla SeaMonkey 2.9
    cpe:2.3:a:mozilla:seamonkey:2.9
  • Mozilla SeaMonkey 2.9 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.9:beta3
  • Mozilla SeaMonkey 2.9.1
    cpe:2.3:a:mozilla:seamonkey:2.9.1
  • Mozilla SeaMonkey 2.9 beta4
    cpe:2.3:a:mozilla:seamonkey:2.9:beta4
  • Mozilla SeaMonkey 2.8 Beta 6
    cpe:2.3:a:mozilla:seamonkey:2.8:beta6
  • Mozilla SeaMonkey 2.8
    cpe:2.3:a:mozilla:seamonkey:2.8
  • Mozilla SeaMonkey 2.8 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.8:beta1
  • Mozilla SeaMonkey 2.8 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.8:beta3
  • Mozilla SeaMonkey 2.8 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.8:beta2
  • Mozilla SeaMonkey 2.8 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.8:beta5
  • Mozilla SeaMonkey 2.8 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.8:beta4
  • Mozilla SeaMonkey 2.7.1
    cpe:2.3:a:mozilla:seamonkey:2.7.1
  • Mozilla SeaMonkey 2.7.2
    cpe:2.3:a:mozilla:seamonkey:2.7.2
  • Mozilla SeaMonkey 2.7 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.7:beta4
  • Mozilla SeaMonkey 2.7 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.7:beta5
  • Mozilla SeaMonkey 2.7 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.7:beta1
  • Mozilla SeaMonkey 2.7 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.7:beta2
  • Mozilla SeaMonkey 2.7 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.7:beta3
  • Mozilla SeaMonkey 2.7
    cpe:2.3:a:mozilla:seamonkey:2.7
  • Mozilla SeaMonkey 2.6 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.6:beta1
  • Mozilla SeaMonkey 2.6 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.6:beta2
  • Mozilla SeaMonkey 2.6 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.6:beta3
  • Mozilla SeaMonkey 2.6 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.6:beta4
  • Mozilla SeaMonkey 2.6
    cpe:2.3:a:mozilla:seamonkey:2.6
  • Mozilla SeaMonkey 2.6.1
    cpe:2.3:a:mozilla:seamonkey:2.6.1
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
  • Mozilla SeaMonkey 2.5 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.5:beta1
  • Mozilla SeaMonkey 2.5 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.5:beta3
  • Mozilla SeaMonkey 2.5 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.5:beta2
  • Mozilla SeaMonkey 2.5 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.5:beta4
  • Mozilla SeaMonkey 2.4
    cpe:2.3:a:mozilla:seamonkey:2.4
  • Mozilla SeaMonkey 2.4.1
    cpe:2.3:a:mozilla:seamonkey:2.4.1
  • Mozilla SeaMonkey 2.4 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.4:beta1
  • Mozilla SeaMonkey 2.4 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.4:beta3
  • Mozilla SeaMonkey 2.4 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.4:beta2
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla SeaMonkey 2.3 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.3:beta3
  • Mozilla SeaMonkey 2.3 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.3:beta2
  • Mozilla SeaMonkey 2.3.1
    cpe:2.3:a:mozilla:seamonkey:2.3.1
  • Mozilla SeaMonkey 2.3
    cpe:2.3:a:mozilla:seamonkey:2.3
  • Mozilla SeaMonkey 2.3.2
    cpe:2.3:a:mozilla:seamonkey:2.3.2
  • Mozilla SeaMonkey 2.3 Beta1
    cpe:2.3:a:mozilla:seamonkey:2.3:beta1
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 2.13
    cpe:2.3:a:mozilla:seamonkey:2.13
CVSS
Base: 9.3 (as of 12-10-2012 - 11:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1601.NASL
    description The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62589
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62589
    title Firefox < 16.0.1 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1361.NASL
    description From Red Hat Security Advisory 2012:1361 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68638
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68638
    title Oracle Linux 5 / 6 : xulrunner (ELSA-2012-1361)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1362.NASL
    description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62522
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62522
    title CentOS 5 / 6 : thunderbird (CESA-2012:1362)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_16_0_1.NASL
    description The installed version of Thunderbird is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 62587
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62587
    title Thunderbird < 16.0.1 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_16_0_1.NASL
    description The installed version of Firefox is earlier than 16.0.1 and is therefore potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' can allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 62585
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62585
    title Firefox < 16.0.1 Multiple Vulnerabilities (Mac OS X)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1361.NASL
    description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62521
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62521
    title CentOS 5 / 6 : xulrunner (CESA-2012:1361)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1009.NASL
    description The installed version of Firefox 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62588
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62588
    title Firefox 10.x < 10.0.9 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_10_0_9.NASL
    description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 62586
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62586
    title Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id SEAMONKEY_2131.NASL
    description The installed version of SeaMonkey is earlier than 2.13.1. As such, it is potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' could allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that could allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that could allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 62592
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62592
    title SeaMonkey < 2.13.1 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1601.NASL
    description The installed version of Thunderbird is earlier than 16.0.1. It is, therefore, potentially affected by the following security issues : - An unspecified error related to the WebSockets implementation and the function 'mozilla::net::FailDelayManager::Lookup' could allow application crashes and potentially, arbitrary code execution. (CVE-2012-4191) - An unspecified error exists that could allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that could allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62591
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62591
    title Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1361.NASL
    description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 62541
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62541
    title RHEL 5 / 6 : xulrunner (RHSA-2012:1361)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1362.NASL
    description From Red Hat Security Advisory 2012:1362 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68639
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68639
    title Oracle Linux 6 : thunderbird (ELSA-2012-1362)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_10_0_9.NASL
    description The installed version of Firefox is earlier than 10.0.9 and thus, is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 62584
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62584
    title Firefox < 10.0.9 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1009.NASL
    description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - An unspecified error exists that can allow attackers to bypass the 'Same Origin Policy' and access the 'Location' object. (CVE-2012-4192) - An error exists related to 'security wrappers' and the function 'defaultValue()' that can allow cross-site scripting attacks. (CVE-2012-4193)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62590
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62590
    title Mozilla Thunderbird 10.x < 10.0.9 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1362.NASL
    description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-4193) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62542
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62542
    title RHEL 5 / 6 : thunderbird (RHSA-2012:1362)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20121012_XULRUNNER_ON_SL5_X.NASL
    description A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application. (CVE-2012-4193) After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62556
    published 2012-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62556
    title Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2012-1351-1.NASL
    description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : MFSA 2012-73 / CVE-2012-3977: Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.) MFSA 2012-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. CVE-2012-3983: Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. CVE-2012-3982: Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. MFSA 2012-75 / CVE-2012-3984: Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation MFSA 2012-76 / CVE-2012-3985: Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. MFSA 2012-77 / CVE-2012-3986: Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. MFSA 2012-78 / CVE-2012-3987: Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. This vulnerability only affects Firefox for Android. MFSA 2012-79 / CVE-2012-3988: Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. MFSA 2012-80 / CVE-2012-3989: Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. MFSA 2012-81 / CVE-2012-3991: Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. MFSA 2012-82 / CVE-2012-3994: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. MFSA 2012-83: Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. CVE-2012-3993: XrayWrapper pollution via unsafe COW CVE-2012-4184: ChromeObjectWrapper is not implemented as intended MFSA 2012-84 / CVE-2012-3992: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. MFSA 2012-85: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. CVE-2012-3995: Out of bounds read in IsCSSWordSpacingSpace CVE-2012-4179: Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn CVE-2012-4180: Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace CVE-2012-4181: Heap-use-after-free in nsSMILAnimationController::DoSample CVE-2012-4182: Heap-use-after-free in nsTextEditRules::WillInsert CVE-2012-4183: Heap-use-after-free in DOMSVGTests::GetRequiredFeatures MFSA 2012-86: Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. CVE-2012-4185: Global-buffer-overflow in nsCharTraits::length CVE-2012-4186: Heap-buffer-overflow in nsWaveReader::DecodeAudioData CVE-2012-4187: Crash with ASSERTION: insPos too small CVE-2012-4188: Heap-buffer-overflow in Convolve3x3 MFSA 2012-87 / CVE-2012-3990: Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193: Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-19
    plugin id 83562
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83562
    title SUSE SLED10 / SLED11 / SLES10 / SLES11 Security Update : Mozilla Firefox (SUSE-SU-2012:1351-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1611-1.NASL
    description Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989, CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62548
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62548
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-709.NASL
    description The Mozilla suite received following security updates (bnc#783533) : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards - MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards - MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks - MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain - MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks - MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation - MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator - MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks - MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins - MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties - MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash - MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer - MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer - MFSA 2012-87/CVE-2012-3990 (bmo#787704)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74779
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74779
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201210-121015.NASL
    description Mozilla Firefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.). (MFSA 2012-73 / CVE-2012-3977) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-74) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. - Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. (CVE-2012-3983) - Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. (CVE-2012-3982) - Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. (MFSA 2012-75 / CVE-2012-3984) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation - Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. (MFSA 2012-76 / CVE-2012-3985) - Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. (MFSA 2012-77 / CVE-2012-3986) - Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. (MFSA 2012-78 / CVE-2012-3987) This vulnerability only affects Firefox for Android. - Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. (MFSA 2012-79 / CVE-2012-3988) - Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. (MFSA 2012-80 / CVE-2012-3989) - Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. (MFSA 2012-81 / CVE-2012-3991) - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. (MFSA 2012-82 / CVE-2012-3994) - Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. (MFSA 2012-83) While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. - XrayWrapper pollution via unsafe COW. (CVE-2012-3993) - ChromeObjectWrapper is not implemented as intended. (CVE-2012-4184) - Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. (MFSA 2012-84 / CVE-2012-3992) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. (MFSA 2012-85) - Out of bounds read in IsCSSWordSpacingSpace. (CVE-2012-3995) - Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn. (CVE-2012-4179) - Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace. (CVE-2012-4180) - Heap-use-after-free in nsSMILAnimationController::DoSample. (CVE-2012-4181) - Heap-use-after-free in nsTextEditRules::WillInsert. (CVE-2012-4182) - Heap-use-after-free in DOMSVGTests::GetRequiredFeatures. (CVE-2012-4183) - Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. (MFSA 2012-86) - Global-buffer-overflow in nsCharTraits::length. (CVE-2012-4185) - Heap-buffer-overflow in nsWaveReader::DecodeAudioData. (CVE-2012-4186) - Crash with ASSERTION: insPos too small. (CVE-2012-4187) - Heap-buffer-overflow in Convolve3x3. (CVE-2012-4188) - Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. (MFSA 2012-87 / CVE-2012-3990) - Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. (MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193)
    last seen 2019-02-21
    modified 2015-10-12
    plugin id 64133
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64133
    title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6951)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6E5A9AFD12D311E2B47DC8600054B392.NASL
    description The Mozilla Project reports : MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks MFSA 2012-78 Reader Mode pages have chrome privileges MFSA 2012-79 DOS and crash with full screen and history navigation MFSA 2012-80 Crash with invalid cast when using instanceof operator MFSA 2012-81 GetProperty function can bypass security checks MFSA 2012-82 top object and location property accessible by plugins MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties MFSA 2012-84 Spoofing and script injection through location.hash MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer MFSA 2012-87 Use-after-free in the IME State Manager MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1) MFSA 2012-89 defaultValue security checks not applied
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 62490
    published 2012-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62490
    title FreeBSD : mozilla -- multiple vulnerabilities (6e5a9afd-12d3-11e2-b47d-c8600054b392)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FIREFOX-201210-8327.NASL
    description MozillaFirefox was updated to the 10.0.9ESR security release which fixes bugs and security issues : - Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. (This does not affect Firefox 10 as it does not feature the SPDY extension. It was silently fixed for Firefox 15.). (MFSA 2012-73 / CVE-2012-3977) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-74) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. - Henrik Skupin, Jesse Ruderman and moz_bug_r_a4 reported memory safety problems and crashes that affect Firefox 15. (CVE-2012-3983) - Christian Holler and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 15. (CVE-2012-3982) - Security researcher David Bloom of Cue discovered that 'select' elements are always-on-top chromeless windows and that navigation away from a page with an active 'select' menu does not remove this window.When another menu is opened programmatically on a new page, the original 'select' menu can be retained and arbitrary HTML content within it rendered, allowing an attacker to cover arbitrary portions of the new page through absolute positioning/scrolling, leading to spoofing attacks. Security researcher Jordi Chancel found a variation that would allow for click-jacking attacks was well. (MFSA 2012-75 / CVE-2012-3984) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Navigation away from a page with an active 'select' dropdown menu can be used for URL spoofing, other evil Firefox 10.0.1 : Navigation away from a page with multiple active 'select' dropdown menu can be used for Spoofing And ClickJacking with XPI using window.open and geolocalisation - Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks. (MFSA 2012-76 / CVE-2012-3985) - Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods. (MFSA 2012-77 / CVE-2012-3986) - Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then perform an attack similar to cross-site scripting (XSS) to gain the privileges allowed to Firefox on an Android device. This has been fixed by changing the Reader Mode page into an unprivileged page. (MFSA 2012-78 / CVE-2012-3987) This vulnerability only affects Firefox for Android. - Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable. (MFSA 2012-79 / CVE-2012-3988) - Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash. (MFSA 2012-80 / CVE-2012-3989) - Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution. (MFSA 2012-81 / CVE-2012-3991) - Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting (XSS) attacks through plugins. (MFSA 2012-82 / CVE-2012-3994) - Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. (MFSA 2012-83) While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. - XrayWrapper pollution via unsafe COW. (CVE-2012-3993) - ChromeObjectWrapper is not implemented as intended. (CVE-2012-4184) - Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this stored site, allowing an attacker to inject a script or intercept posted data posted to a location specified with a relative path. (MFSA 2012-84 / CVE-2012-3992) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release. (MFSA 2012-85) - Out of bounds read in IsCSSWordSpacingSpace. (CVE-2012-3995) - Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn. (CVE-2012-4179) - Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace. (CVE-2012-4180) - Heap-use-after-free in nsSMILAnimationController::DoSample. (CVE-2012-4181) - Heap-use-after-free in nsTextEditRules::WillInsert. (CVE-2012-4182) - Heap-use-after-free in DOMSVGTests::GetRequiredFeatures. (CVE-2012-4183) - Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. (MFSA 2012-86) - Global-buffer-overflow in nsCharTraits::length. (CVE-2012-4185) - Heap-buffer-overflow in nsWaveReader::DecodeAudioData. (CVE-2012-4186) - Crash with ASSERTION: insPos too small. (CVE-2012-4187) - Heap-buffer-overflow in Convolve3x3. (CVE-2012-4188) - Security researcher miaubiz used the Address Sanitizer tool to discover a use-after-free in the IME State Manager code. This could lead to a potentially exploitable crash. (MFSA 2012-87 / CVE-2012-3990) - Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. (MFSA 2012-89 / CVE-2012-4192 / CVE-2012-4193)
    last seen 2019-02-21
    modified 2015-10-12
    plugin id 62573
    published 2012-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62573
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8327)
oval via4
accepted 2014-10-06T04:02:05.626-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
family windows
id oval:org.mitre.oval:def:16786
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
version 35
redhat via4
advisories
  • bugzilla
    id 865215
    title CVE-2012-4193 Mozilla: defaultValue security checks not applied (MFSA 2012-89)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment xulrunner is earlier than 0:10.0.8-2.el5_8
            oval oval:com.redhat.rhsa:tst:20121361002
          • comment xulrunner is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569003
        • AND
          • comment xulrunner-devel is earlier than 0:10.0.8-2.el5_8
            oval oval:com.redhat.rhsa:tst:20121361004
          • comment xulrunner-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569005
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment xulrunner is earlier than 0:10.0.8-2.el6_3
            oval oval:com.redhat.rhsa:tst:20121361010
          • comment xulrunner is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment xulrunner-devel is earlier than 0:10.0.8-2.el6_3
            oval oval:com.redhat.rhsa:tst:20121361012
          • comment xulrunner-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861008
    rhsa
    id RHSA-2012:1361
    released 2012-10-12
    severity Critical
    title RHSA-2012:1361: xulrunner security update (Critical)
  • bugzilla
    id 865215
    title CVE-2012-4193 Mozilla: defaultValue security checks not applied (MFSA 2012-89)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • comment thunderbird is earlier than 0:10.0.8-2.el5_8
        oval oval:com.redhat.rhsa:tst:20121362002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:10.0.8-2.el6_3
        oval oval:com.redhat.rhsa:tst:20121362008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
    rhsa
    id RHSA-2012:1362
    released 2012-10-12
    severity Critical
    title RHSA-2012:1362: thunderbird security update (Critical)
rpms
  • xulrunner-0:10.0.8-2.el5_8
  • xulrunner-devel-0:10.0.8-2.el5_8
  • xulrunner-0:10.0.8-2.el6_3
  • xulrunner-devel-0:10.0.8-2.el6_3
  • thunderbird-0:10.0.8-2.el5_8
  • thunderbird-0:10.0.8-2.el6_3
refmap via4
confirm
secunia
  • 50904
  • 50906
  • 50907
  • 50964
  • 50984
  • 55318
suse SUSE-SU-2012:1351
ubuntu USN-1611-1
xf mozilla-location-security-bypass(79211)
Last major update 02-11-2013 - 23:26
Published 12-10-2012 - 06:44
Last modified 18-09-2017 - 21:35
Back to Top