{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868"}, {"name": "50904", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50904"}, {"name": "50984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50984"}, {"name": "50935", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50935"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"}, {"name": "50856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50856"}, {"name": "DSA-2565", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2565"}, {"name": "50892", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50892"}, {"name": "oval:org.mitre.oval:def:16834", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834"}, {"name": "DSA-2572", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2572"}, {"name": "RHSA-2012:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"}, {"name": "50936", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50936"}, {"name": "51181", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51181"}, {"name": "55318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55318"}, {"name": "SUSE-SU-2012:1351", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"name": "MDVSA-2012:163", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"}, {"name": "55922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55922"}, {"name": "USN-1611-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1611-1"}, {"name": "DSA-2569", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2569"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3986", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868"}, {"name": "50904", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50904"}, {"name": "50984", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50984"}, {"name": "50935", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50935"}, {"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"}, {"name": "50856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50856"}, {"name": "DSA-2565", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2565"}, {"name": "50892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50892"}, {"name": "oval:org.mitre.oval:def:16834", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834"}, {"name": "DSA-2572", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2572"}, {"name": "RHSA-2012:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"}, {"name": "50936", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50936"}, {"name": "51181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51181"}, {"name": "55318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55318"}, {"name": "SUSE-SU-2012:1351", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"name": "MDVSA-2012:163", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"}, {"name": "55922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55922"}, {"name": "USN-1611-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1611-1"}, {"name": "DSA-2569", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2569"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:21:04.183Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868"}, {"name": "50904", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50904"}, {"name": "50984", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50984"}, {"name": "50935", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50935"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"}, {"name": "50856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50856"}, {"name": "DSA-2565", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2565"}, {"name": "50892", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50892"}, {"name": "oval:org.mitre.oval:def:16834", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834"}, {"name": "DSA-2572", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2572"}, {"name": "RHSA-2012:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"}, {"name": "50936", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50936"}, {"name": "51181", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51181"}, {"name": "55318", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55318"}, {"name": "SUSE-SU-2012:1351", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"name": "MDVSA-2012:163", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"}, {"name": "55922", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55922"}, {"name": "USN-1611-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1611-1"}, {"name": "DSA-2569", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2569"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3986", "datePublished": "2012-10-10T17:00:00.000Z", "dateReserved": "2012-07-11T00:00:00.000Z", "dateUpdated": "2024-08-06T20:21:04.183Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED7476CA-93F4-43FE-93F4-B7F385A1D4F0", "versionEndExcluding": "10.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E0CFD74-DF80-41C7-880B-3024CCCE65AB", "versionEndExcluding": "10.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C70070-253F-4D0B-8717-85E7FA089D20", "versionEndExcluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8064CC14-2AA6-4631-946B-0915E7204835", "versionEndExcluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "751D51E0-7240-4385-BB86-5F0619B79491", "versionEndExcluding": "2.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "2E94E678-E4D7-4056-9E9B-A4261A07F569", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code."}, {"lang": "es", "value": "Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no restringe correctamente las llamadas a m\u00e9todos DOMWindowUtils (alias nsDOMWindowUtils), lo que permite a atacantes remotos evitar las restricciones de acceso a trav\u00e9s de c\u00f3digo JavaScript manipulado."}], "id": "CVE-2012-3986", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-10-10T17:55:01.707", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50856"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50892"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50904"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50935"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50936"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50984"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51181"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55318"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2565"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2569"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2572"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/55922"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1611-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/50984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/51181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/55922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1611-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Johnny Stenback as the original reporter.", "affected_release": [{"advisory": "RHSA-2012:1350", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:10.0.8-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-09T00:00:00Z"}, {"advisory": "RHSA-2012:1350", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:10.0.8-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-09T00:00:00Z"}, {"advisory": "RHSA-2012:1351", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:10.0.8-1.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-10-09T00:00:00Z"}, {"advisory": "RHSA-2012:1350", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:10.0.8-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-09T00:00:00Z"}, {"advisory": "RHSA-2012:1350", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xulrunner-0:10.0.8-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-09T00:00:00Z"}, {"advisory": "RHSA-2012:1351", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:10.0.8-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-09T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77)", "id": "863618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code."], "name": "CVE-2012-3986", "public_date": "2012-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3986\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3986\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-77.html"], "threat_severity": "Moderate"}

{}