CVE-2012-3986 - OpenCVE

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox Esr Thunderbird Esr Thunderbird Firefox Seamonkey
Suse	Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Sdk
Canonical	Ubuntu Linux
Debian	Debian Linux
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Enterprise Linux Eus

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1351.html	Third Party Advisory
http://secunia.com/advisories/50856	Third Party Advisory
http://secunia.com/advisories/50892	Third Party Advisory
http://secunia.com/advisories/50904	Third Party Advisory
http://secunia.com/advisories/50935	Third Party Advisory
http://secunia.com/advisories/50936	Third Party Advisory
http://secunia.com/advisories/50984	Third Party Advisory
http://secunia.com/advisories/51181	Third Party Advisory
http://secunia.com/advisories/55318	Third Party Advisory
http://www.debian.org/security/2012/dsa-2565	Third Party Advisory
http://www.debian.org/security/2012/dsa-2569	Third Party Advisory
http://www.debian.org/security/2012/dsa-2572	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html	Vendor Advisory
http://www.securityfocus.com/bid/55922	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1611-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=775868	Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834	Third Party Advisory