CVE-2012-4208 in Firefoxinfo

Summary

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

08/08/2012

Disclosure

11/21/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-264

CVSS

5.3

EPSS

0.00577

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-4208
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4208
CVE Details	https://www.cvedetails.com/cve/CVE-2012-4208/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!