CVE-2012-4201 (retired)

Priority
Description
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox
ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x
before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during
the handling of JavaScript code that sets the location.href property, which
allows remote attackers to conduct cross-site scripting (XSS) attacks or
read arbitrary files by leveraging a sandboxed add-on.
Notes
 jdstrand> xulrunner-1.9.2 unmaintained upstream (see README.mozilla for
  details)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:41:43 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)