Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Mozilla
  • Firefox
  • Firefox Esr
  • Seamonkey
  • Thunderbird
  • Thunderbird Esr
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Workstation
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Sdk
  • Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
firefox-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1350 2012-10-09T00:00:00Z
xulrunner-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1350 2012-10-09T00:00:00Z
thunderbird-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1351 2012-10-09T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1350 2012-10-09T00:00:00Z
xulrunner-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1350 2012-10-09T00:00:00Z
thunderbird-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1351 2012-10-09T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1351.html cve-icon cve-icon
http://secunia.com/advisories/50856 cve-icon cve-icon
http://secunia.com/advisories/50892 cve-icon cve-icon
http://secunia.com/advisories/50904 cve-icon cve-icon
http://secunia.com/advisories/50935 cve-icon cve-icon
http://secunia.com/advisories/50936 cve-icon cve-icon
http://secunia.com/advisories/50984 cve-icon cve-icon
http://secunia.com/advisories/51181 cve-icon cve-icon
http://secunia.com/advisories/55318 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2565 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2569 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2572 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 cve-icon cve-icon
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html cve-icon cve-icon cve-icon
http://www.securityfocus.com/bid/55922 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1611-1 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=775868 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-3986 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-3986 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-10T17:00:00

Updated: 2024-08-06T20:21:04.183Z

Reserved: 2012-07-11T00:00:00

Link: CVE-2012-3986

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2012-10-10T17:55:01.707

Modified: 2020-08-10T14:47:50.280

Link: CVE-2012-3986

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-10-09T00:00:00Z

Links: CVE-2012-3986 - Bugzilla