CVE-2012-3991

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

Published: Oct 10, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3991
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
mozilla / firefox_esr	-	10.0.8
mozilla / thunderbird_esr	-	10.0.8
mozilla / firefox	-	16.0
mozilla / thunderbird	-	16.0
mozilla / seamonkey	-	2.13
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
canonical / ubuntu_linux	11.04	11.04.x
canonical / ubuntu_linux	11.10	11.10.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
canonical / ubuntu_linux	12.04	12.04.x
redhat / enterprise_linux_eus	6.3	6.3.x
canonical / ubuntu_linux	10.04	10.04.x
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
suse / linux_enterprise_server	10-sp4	10-sp4.x
suse / linux_enterprise_desktop	10-sp4	10-sp4.x
suse / linux_enterprise_sdk	10-sp4	10-sp4.x

Vulnerability Database

289,782

CVE-2012-3991