suse · CVE-2012-4205

Quick triage

Priority: medium 公開: 2021-05-30 13:05:51 UTC Updated: 2026-04-18 19:09:03 UTC

参照: Official suse advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-4205 severity moderate: SUSE including 69 source package names (MozillaFirefox-10.0.11-0.3.1, MozillaFirefox-140.2.0-160000.1.2, …), 108 product×package rows across 31 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (31 product lines)): Fixed 108.

Description:

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.

cvelogic Threat Intelligence