CVE-2012-4184 Information

Feb 14, 2021 cve

Description

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0 Firefox ESR 10.x before 10.0.8 Thunderbird before 16.0 Thunderbird ESR 10.x before 10.0.8 and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://osvdb.org/86113 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50984 http://secunia.com/advisories/55318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 http://www.mozilla.org/security/announce/2012/mfsa2012-83.html http://www.securityfocus.com/bid/56120 http://www.ubuntu.com/usn/USN-1611-1 https://bugzilla.mozilla.org/show_bug.cgi?id=780370 https://exchange.xforce.ibmcloud.com/vulnerabilities/79154 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16946

Share on: