Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Server
Canonical
  • Ubuntu Linux
Mozilla
  • Thunderbird
  • Firefox
  • Seamonkey

Configuration 1 [-]

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html Mailing List Third Party Advisory
http://osvdb.org/86106 Broken Link
http://secunia.com/advisories/50856 Broken Link
http://secunia.com/advisories/50892 Broken Link
http://secunia.com/advisories/50904 Broken Link
http://secunia.com/advisories/50935 Broken Link
http://secunia.com/advisories/50984 Broken Link
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1611-1 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=655649 Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16108 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-10T17:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2012-07-11T00:00:00

Link: CVE-2012-3985

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-10-10T17:55:01.657

Modified: 2020-08-26T19:36:42.500

Link: CVE-2012-3985

JSON object: View

cve-icon Redhat Information

No data.

CWE