CVE-2012-4193
Mozilla Firefox < 16.0.1 - Origin Validation Error
Title source: ruleDescription
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
References (14)
Scores
EPSS
0.0141
EPSS Percentile
80.3%
Classification
CWE
CWE-346
Status
draft
Affected Products (21)
mozilla/firefox
< 16.0.1
mozilla/seamonkey
< 2.13.1
mozilla/thunderbird
< 16.0.1
mozilla/thunderbird_esr
< 10.0.9
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_software_development_kit
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
redhat/enterprise_linux_desktop
... and 6 more
Timeline
Published
Oct 12, 2012
Tracked Since
Feb 18, 2026