{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:16962", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962"}, {"name": "51144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51144"}, {"name": "SUSE-SU-2012:1426", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html"}, {"name": "51123", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51123"}, {"name": "51121", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51121"}, {"name": "51147", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51147"}, {"name": "56306", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56306"}, {"name": "USN-1620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1620-1"}, {"name": "RHSA-2012:1407", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html"}, {"name": "51127", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51127"}, {"name": "55318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55318"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557"}, {"name": "USN-1620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1620-2"}, {"name": "openSUSE-SU-2012:1412", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html"}, {"name": "51165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51165"}, {"name": "RHSA-2012:1413", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html"}, {"name": "51146", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51146"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:16962", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962"}, {"name": "51144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51144"}, {"name": "SUSE-SU-2012:1426", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html"}, {"name": "51123", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51123"}, {"name": "51121", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51121"}, {"name": "51147", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51147"}, {"name": "56306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56306"}, {"name": "USN-1620-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1620-1"}, {"name": "RHSA-2012:1407", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html"}, {"name": "51127", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51127"}, {"name": "55318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55318"}, {"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557"}, {"name": "USN-1620-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1620-2"}, {"name": "openSUSE-SU-2012:1412", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html"}, {"name": "51165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51165"}, {"name": "RHSA-2012:1413", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html"}, {"name": "51146", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51146"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.586Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:16962", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962"}, {"name": "51144", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51144"}, {"name": "SUSE-SU-2012:1426", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html"}, {"name": "51123", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51123"}, {"name": "51121", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51121"}, {"name": "51147", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51147"}, {"name": "56306", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56306"}, {"name": "USN-1620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1620-1"}, {"name": "RHSA-2012:1407", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html"}, {"name": "51127", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51127"}, {"name": "55318", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55318"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557"}, {"name": "USN-1620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1620-2"}, {"name": "openSUSE-SU-2012:1412", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html"}, {"name": "51165", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51165"}, {"name": "RHSA-2012:1413", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html"}, {"name": "51146", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51146"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4196", "datePublished": "2012-10-29T18:00:00", "dateReserved": "2012-08-08T00:00:00", "dateUpdated": "2024-08-06T20:28:07.586Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A65DA0-0970-4FDF-831D-A94C1069D6A4", "versionEndExcluding": "16.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "D27ACD52-BA02-4CEC-BAF1-CD2FA48218D8", "versionEndExcluding": "10.0.10", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "781CA7F6-8BFA-43D0-B22E-70B7AB07D828", "versionEndExcluding": "2.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA10AAED-D8A3-4100-A01D-D07E45C3BEB1", "versionEndExcluding": "16.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8CB14D1-FA99-4239-B7F4-BE2032DD0A76", "versionEndExcluding": "10.0.10", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object."}, {"lang": "es", "value": "Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey anteriores a v2.13.2, permiten a atacantes remotos evitar la Same Origin Policy y leer la localizaci\u00f3n del objeto a trav\u00e9s de un ataque \"prototype property-injection\" que elimina ciertos mecanismos de protecci\u00f3n para ese objeto."}], "id": "CVE-2012-4196", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-29T18:55:01.507", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51121"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51123"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51127"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51144"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51146"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51147"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51165"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55318"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/56306"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1620-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1620-2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/56306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1620-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1620-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2012:1407", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:10.0.10-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-26T00:00:00Z"}, {"advisory": "RHSA-2012:1407", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:10.0.10-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-26T00:00:00Z"}, {"advisory": "RHSA-2012:1413", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:10.0.10-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-29T00:00:00Z"}, {"advisory": "RHSA-2012:1407", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:10.0.10-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-26T00:00:00Z"}, {"advisory": "RHSA-2012:1407", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xulrunner-0:10.0.10-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-26T00:00:00Z"}, {"advisory": "RHSA-2012:1413", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:10.0.10-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-29T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Fixes for Location object issues (MFSA 2012-90)", "id": "869893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object."], "name": "CVE-2012-4196", "public_date": "2012-10-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-4196\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4196\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-90.html"], "threat_severity": "Critical"}