Multiple vulnerabilities in Mozilla products

Posted: October 29, 2012 in Vulnerabilities
Tags: , , , ,

Firefox logo

Vulnerabilities in Mozilla products

Vulnerability: multiple vulnerabilities in Mozilla products

Danger: Low
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-4194
CVE-2012-4195
CVE-2012-4196

Impact: Cross Site Scripting
Disclosure of sensitive data

Affected products:

  • Mozilla Thunderbird 16.x
  • Mozilla Firefox 16.x
  • Mozilla Firefox 10.x
  • Mozilla Thunderbird 10.x
  • Mozilla SeaMonkey 2.x
Affected versions:

  • Firefox 16.0.2
  • Mozilla Firefox ESR 10.0.10
  • Mozilla Thunderbird 16.0.2
  • Mozilla Thunderbird ESR 10.0.10
  • Mozilla SeaMonkey 2.13.2

Description:

Discovered vulnerabilities allow a remote user to make XSS attacks.

1. An error in the method valueOf when working with certain plugins. A remote user can make XSS attack.

2. An error in the function CheckURL () when determining window.location. A remote user can make XSS attack.

3. An error in the object Location. This can be exploited to bypass security restrictions and implement a cross-domain object reading Location.

Manufacturer URL: http://mozilla.org/

Solution: To resolve the vulnerability patch from the manufacturer.

links:

http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s