Multiple vulnerabilities in Mozilla products

Posted: October 29, 2012 in Vulnerabilities
Tags: bypass security, Cross-site scripting, Disclosure of sensitive data, Mozilla products, XSS attacks

Vulnerabilities in Mozilla products

Vulnerability: multiple vulnerabilities in Mozilla products

Danger: Low
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-4194
CVE-2012-4195
CVE-2012-4196

Impact: Cross Site Scripting
Disclosure of sensitive data

Affected products:

Mozilla Thunderbird 16.x

Mozilla Firefox 16.x

Mozilla Firefox 10.x

Mozilla Thunderbird 10.x

Mozilla SeaMonkey 2.x

Affected versions:

Firefox 16.0.2

Mozilla Firefox ESR 10.0.10

Mozilla Thunderbird 16.0.2

Mozilla Thunderbird ESR 10.0.10

Mozilla SeaMonkey 2.13.2

Description:

Discovered vulnerabilities allow a remote user to make XSS attacks.

1. An error in the method valueOf when working with certain plugins. A remote user can make XSS attack.

2. An error in the function CheckURL () when determining window.location. A remote user can make XSS attack.

3. An error in the object Location. This can be exploited to bypass security restrictions and implement a cross-domain object reading Location.

Manufacturer URL: http://mozilla.org/

Solution: To resolve the vulnerability patch from the manufacturer.

links:

http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook