CVE-2012-1956 (retired)

Priority
Description
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before
2.12 do not prevent use of the Object.defineProperty method to shadow the
location object (aka window.location), which makes it easier for remote
attackers to conduct cross-site scripting (XSS) attacks via vectors
involving a plugin.
Package
Upstream:released (15.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (15.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (15.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (15.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:01:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)