CVE-2012-4195

Description

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.962

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 16.0.1	Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR (x64) 10.0.9	Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR 10.0.9	Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 16.0.1	Windows
Multiple vulnerabilities affected in Mozilla Thunderbird ESR 10.0.9	Windows
Multiple vulnerabilities affected in Mozilla_Firefox 16.0.1	Windows
Multiple vulnerabilities affected in SeaMonkey 2.9.1	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 16.0.1	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 16.0.1	Windows
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are fixed in Mozilla Firefox For Mac (116.0.2)	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are fixed in Mozilla Thunderbird For Mac 16.0.2	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are fixed in Mozilla Thunderbird For Mac 10.0.10	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4210 are affected in Firefox ESR for Mac 10.0.9	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 10.0.9	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 16.0.1	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are affected in Mozilla Thunderbird for Mac 10.0.9	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are affected in Mozilla Thunderbird for Mac 16.0.1	Mac
Multiple Vulnerabilities are affected in SeaMonkey For Mac 2.13.1	Mac
Vulnerabilities CVE-2012-4194,CVE-2012-4195,CVE-2012-4196 are fixed in Mozilla Firefox For Mac 10.0.10	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343016	Mozilla Firefox (x64) (132.0.2)
PATCH-310844	Mozilla Firefox ESR (x64) (60.9.0)
PATCH-310843	Mozilla Firefox ESR (60.9.0)
PATCH-315938	Mozilla Thunderbird (68.12.0)
PATCH-343015	Mozilla Firefox (132.0.2)
PATCH-341197	SeaMonkey (2.53.19)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-611088	SeaMonkey For Mac (2.53.21)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234