Multiple vulnerabilities in Mozilla products

Posted: October 29, 2012 in Vulnerabilities
Tags: , , , ,

Firefox logo

Vulnerabilities in Mozilla products

Vulnerability: multiple vulnerabilities in Mozilla products

Danger: Low
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-4194

Impact: Cross Site Scripting
Disclosure of sensitive data

Affected products:

  • Mozilla Thunderbird 16.x
  • Mozilla Firefox 16.x
  • Mozilla Firefox 10.x
  • Mozilla Thunderbird 10.x
  • Mozilla SeaMonkey 2.x
Affected versions:

  • Firefox 16.0.2
  • Mozilla Firefox ESR 10.0.10
  • Mozilla Thunderbird 16.0.2
  • Mozilla Thunderbird ESR 10.0.10
  • Mozilla SeaMonkey 2.13.2


Discovered vulnerabilities allow a remote user to make XSS attacks.

1. An error in the method valueOf when working with certain plugins. A remote user can make XSS attack.

2. An error in the function CheckURL () when determining window.location. A remote user can make XSS attack.

3. An error in the object Location. This can be exploited to bypass security restrictions and implement a cross-domain object reading Location.

Manufacturer URL:

Solution: To resolve the vulnerability patch from the manufacturer.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s