CVE-2012-4193 (retired)

Priority
Description
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird
before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before
2.13.1 omit a security check in the defaultValue function during the
unwrapping of security wrappers, which allows remote attackers to bypass
the Same Origin Policy and read the properties of a Location object, or
execute arbitrary JavaScript code, via a crafted web site.
Notes
 jdstrand> xulrunner-1.9.2 unmaintained upstream (see README.mozilla for
  details)
 micahg> this CVE is for the pre-16 fix
Package
Upstream:released (16.0.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (16.0+build1-0ubuntu1)
Package
Upstream:released (2.13.1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (16.0.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (16.0.1+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:03:42 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)