
Vulnerabilities in Mozilla products
Vulnerability: multiple vulnerabilities in Mozilla products
Danger: Low
Patch: Yes
Number of vulnerabilities: 3
CVE ID: CVE-2012-4194
CVE-2012-4195
CVE-2012-4196
Impact: Cross Site Scripting
Disclosure of sensitive data
Affected products:
|
Affected versions:
|
Description:
Discovered vulnerabilities allow a remote user to make XSS attacks.
1. An error in the method valueOf when working with certain plugins. A remote user can make XSS attack.
2. An error in the function CheckURL () when determining window.location. A remote user can make XSS attack.
3. An error in the object Location. This can be exploited to bypass security restrictions and implement a cross-domain object reading Location.
Manufacturer URL: http://mozilla.org/
Solution: To resolve the vulnerability patch from the manufacturer.
links:
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html