Unrated severityNVD Advisory· Published Oct 29, 2012· Updated Apr 29, 2026
CVE-2012-4196
CVE-2012-4196
Description
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
Affected products
26- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*Range: >=10.0,<10.0.10
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1407.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1413.htmlnvdThird Party Advisory
- secunia.com/advisories/51121nvdThird Party Advisory
- secunia.com/advisories/51123nvdThird Party Advisory
- secunia.com/advisories/51127nvdThird Party Advisory
- secunia.com/advisories/51144nvdThird Party Advisory
- secunia.com/advisories/51146nvdThird Party Advisory
- secunia.com/advisories/51147nvdThird Party Advisory
- secunia.com/advisories/51165nvdThird Party Advisory
- secunia.com/advisories/55318nvdThird Party Advisory
- www.mozilla.org/security/announce/2012/mfsa2012-90.htmlnvdVendor Advisory
- www.securityfocus.com/bid/56306nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1620-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-1620-2nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16962nvdThird Party Advisory
News mentions
0No linked articles in our index yet.