The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE |
Information
Published : 2012-10-10 17:55
Updated : 2024-10-21 13:55
NVD link : CVE-2012-4184
Mitre link : CVE-2012-4184
CVE.ORG link : CVE-2012-4184
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
- seamonkey
- thunderbird_esr
redhat
- enterprise_linux_server
- enterprise_linux_desktop
- enterprise_linux_eus
- enterprise_linux_workstation
canonical
- ubuntu_linux
suse
- linux_enterprise_server
- linux_enterprise_desktop
- linux_enterprise_sdk
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')