Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2012-4201
Description:The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
Test IDs: 1.3.6.1.4.1.25623.1.0.72599  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-4201
BugTraq ID: 56618
http://www.securityfocus.com/bid/56618
Debian Security Information: DSA-2583 (Google Search)
http://www.debian.org/security/2012/dsa-2583
Debian Security Information: DSA-2584 (Google Search)
http://www.debian.org/security/2012/dsa-2584
Debian Security Information: DSA-2588 (Google Search)
http://www.debian.org/security/2012/dsa-2588
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://osvdb.org/87594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995
RedHat Security Advisories: RHSA-2012:1482
http://rhn.redhat.com/errata/RHSA-2012-1482.html
RedHat Security Advisories: RHSA-2012:1483
http://rhn.redhat.com/errata/RHSA-2012-1483.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51360
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
SuSE Security Announcement: SUSE-SU-2012:1592 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
SuSE Security Announcement: openSUSE-SU-2012:1583 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
SuSE Security Announcement: openSUSE-SU-2012:1585 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
SuSE Security Announcement: openSUSE-SU-2012:1586 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
SuSE Security Announcement: openSUSE-SU-2013:0175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
XForce ISS Database: firefox-evalinsandbox-sec-bypass(80171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80171




© 1998-2024 E-Soft Inc. All rights reserved.