CVE-2012-4208
CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=798264http://secunia.com/advisories/51369http://secunia.com/advisories/51370http://secunia.com/advisories/51381http://secunia.com/advisories/51434http://secunia.com/advisories/51439http://secunia.com/advisories/51440