CVE-2012-1959 Information

Feb 14, 2021 cve

Description

Mozilla Firefox 4.x through 13.0 Firefox ESR 10.x before 10.0.6 Thunderbird 5.0 through 13.0 Thunderbird ESR 10.x before 10.0.6 and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects which allows remote attackers to bypass intended XBL access restrictions via crafted content.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84002 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http://secunia.com/advisories/49977 http://secunia.com/advisories/49979 http://secunia.com/advisories/49992 http://secunia.com/advisories/49993 http://secunia.com/advisories/49994 http://www.mozilla.org/security/announce/2012/mfsa2012-49.html http://www.securityfocus.com/bid/54576 http://www.securitytracker.com/id?1027256 http://www.securitytracker.com/id?1027257 http://www.securitytracker.com/id?1027258 http://www.ubuntu.com/usn/USN-1509-1 http://www.ubuntu.com/usn/USN-1509-2 http://www.ubuntu.com/usn/USN-1510-1 https://bugzilla.mozilla.org/show_bug.cgi?id=737559 https://bugzilla.mozilla.org/show_bug.cgi?id=754044 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16920

Share on: