CVE-2012-4208
CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=798264http://secunia.com/advisories/51369http://secunia.com/advisories/51370http://secunia.com/advisories/51381http://secunia.com/advisories/51434http://secunia.com/advisories/51439http://secunia.com/advisories/51440