CVE-2012-4184
Summary
| CVE | CVE-2012-4184 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-10-10 17:55:00 UTC |
| Updated | 2020-08-13 18:32:00 UTC |
| Description | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Application | Mozilla | Thunderbird Esr | All | All | All | All |
| Application | Mozilla | Thunderbird Esr | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Sdk | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Sdk | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-1611-1: Thunderbird vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| 86113 | OSVDB | osvdb.org | Broken Link |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2012:163 | Mandriva | MANDRIVA | www.mandriva.com | Third Party Advisory |
| 780370 – (CVE-2012-4184) ChromeObjectWrapper is not implemented as intended | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Vendor Advisory |
| Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4184 Arbitrary Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Security Advisory SA50892 - Ubuntu update for firefox - Secunia | SECUNIA | secunia.com | Third Party Advisory |
| MFSA 2012-83: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] SUSE-SU-2012:1351-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690312 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (6e5a9afd-12d3-11e2-b47d-c8600054b392)