First published: Wed Aug 29 2012(Updated: )
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <=14.0 | |
Mozilla Firefox | =1.0 | |
Mozilla Firefox | =1.0-preview_release | |
Mozilla Firefox | =1.0.1 | |
Mozilla Firefox | =1.0.2 | |
Mozilla Firefox | =1.0.3 | |
Mozilla Firefox | =1.0.4 | |
Mozilla Firefox | =1.0.5 | |
Mozilla Firefox | =1.0.6 | |
Mozilla Firefox | =1.0.7 | |
Mozilla Firefox | =1.0.8 | |
Mozilla Firefox | =1.4.1 | |
Mozilla Firefox | =1.5 | |
Mozilla Firefox | =1.5-beta1 | |
Mozilla Firefox | =1.5-beta2 | |
Mozilla Firefox | =1.5.0.1 | |
Mozilla Firefox | =1.5.0.2 | |
Mozilla Firefox | =1.5.0.3 | |
Mozilla Firefox | =1.5.0.4 | |
Mozilla Firefox | =1.5.0.5 | |
Mozilla Firefox | =1.5.0.6 | |
Mozilla Firefox | =1.5.0.7 | |
Mozilla Firefox | =1.5.0.8 | |
Mozilla Firefox | =1.5.0.9 | |
Mozilla Firefox | =1.5.0.10 | |
Mozilla Firefox | =1.5.0.11 | |
Mozilla Firefox | =1.5.0.12 | |
Mozilla Firefox | =1.5.1 | |
Mozilla Firefox | =1.5.2 | |
Mozilla Firefox | =1.5.3 | |
Mozilla Firefox | =1.5.4 | |
Mozilla Firefox | =1.5.5 | |
Mozilla Firefox | =1.5.6 | |
Mozilla Firefox | =1.5.7 | |
Mozilla Firefox | =1.5.8 | |
Mozilla Firefox | =1.8 | |
Mozilla Firefox | =2.0 | |
Mozilla Firefox | =2.0.0.1 | |
Mozilla Firefox | =2.0.0.2 | |
Mozilla Firefox | =2.0.0.3 | |
Mozilla Firefox | =2.0.0.4 | |
Mozilla Firefox | =2.0.0.5 | |
Mozilla Firefox | =2.0.0.6 | |
Mozilla Firefox | =2.0.0.7 | |
Mozilla Firefox | =2.0.0.8 | |
Mozilla Firefox | =2.0.0.9 | |
Mozilla Firefox | =2.0.0.10 | |
Mozilla Firefox | =2.0.0.11 | |
Mozilla Firefox | =2.0.0.12 | |
Mozilla Firefox | =2.0.0.13 | |
Mozilla Firefox | =2.0.0.14 | |
Mozilla Firefox | =2.0.0.15 | |
Mozilla Firefox | =2.0.0.16 | |
Mozilla Firefox | =2.0.0.17 | |
Mozilla Firefox | =2.0.0.18 | |
Mozilla Firefox | =2.0.0.19 | |
Mozilla Firefox | =2.0.0.20 | |
Mozilla Firefox | =3.0 | |
Mozilla Firefox | =3.0.1 | |
Mozilla Firefox | =3.0.2 | |
Mozilla Firefox | =3.0.3 | |
Mozilla Firefox | =3.0.4 | |
Mozilla Firefox | =3.0.5 | |
Mozilla Firefox | =3.0.6 | |
Mozilla Firefox | =3.0.7 | |
Mozilla Firefox | =3.0.8 | |
Mozilla Firefox | =3.0.9 | |
Mozilla Firefox | =3.0.10 | |
Mozilla Firefox | =3.0.11 | |
Mozilla Firefox | =3.0.12 | |
Mozilla Firefox | =3.0.13 | |
Mozilla Firefox | =3.0.14 | |
Mozilla Firefox | =3.0.15 | |
Mozilla Firefox | =3.0.16 | |
Mozilla Firefox | =3.0.17 | |
Mozilla Firefox | =3.5 | |
Mozilla Firefox | =3.5.1 | |
Mozilla Firefox | =3.5.2 | |
Mozilla Firefox | =3.5.3 | |
Mozilla Firefox | =3.5.4 | |
Mozilla Firefox | =3.5.5 | |
Mozilla Firefox | =3.5.6 | |
Mozilla Firefox | =3.5.7 | |
Mozilla Firefox | =3.5.8 | |
Mozilla Firefox | =3.5.9 | |
Mozilla Firefox | =3.5.10 | |
Mozilla Firefox | =3.5.11 | |
Mozilla Firefox | =3.5.12 | |
Mozilla Firefox | =3.5.13 | |
Mozilla Firefox | =3.5.14 | |
Mozilla Firefox | =3.5.15 | |
Mozilla Firefox | =3.6 | |
Mozilla Firefox | =3.6.2 | |
Mozilla Firefox | =3.6.3 | |
Mozilla Firefox | =3.6.4 | |
Mozilla Firefox | =3.6.6 | |
Mozilla Firefox | =3.6.7 | |
Mozilla Firefox | =3.6.8 | |
Mozilla Firefox | =3.6.9 | |
Mozilla Firefox | =3.6.10 | |
Mozilla Firefox | =3.6.11 | |
Mozilla Firefox | =3.6.12 | |
Mozilla Firefox | =3.6.13 | |
Mozilla Firefox | =3.6.14 | |
Mozilla Firefox | =3.6.15 | |
Mozilla Firefox | =3.6.16 | |
Mozilla Firefox | =3.6.17 | |
Mozilla Firefox | =3.6.18 | |
Mozilla Firefox | =3.6.19 | |
Mozilla Firefox | =3.6.20 | |
Mozilla Firefox | =3.6.21 | |
Mozilla Firefox | =3.6.22 | |
Mozilla Firefox | =3.6.23 | |
Mozilla Firefox | =3.6.24 | |
Mozilla Firefox | =3.6.25 | |
Mozilla Firefox | =4.0 | |
Mozilla Firefox | =4.0-beta1 | |
Mozilla Firefox | =4.0-beta10 | |
Mozilla Firefox | =4.0-beta11 | |
Mozilla Firefox | =4.0-beta12 | |
Mozilla Firefox | =4.0-beta2 | |
Mozilla Firefox | =4.0-beta3 | |
Mozilla Firefox | =4.0-beta4 | |
Mozilla Firefox | =4.0-beta5 | |
Mozilla Firefox | =4.0-beta6 | |
Mozilla Firefox | =4.0-beta7 | |
Mozilla Firefox | =4.0-beta8 | |
Mozilla Firefox | =4.0-beta9 | |
Mozilla Firefox | =4.0.1 | |
Mozilla Firefox | =5.0 | |
Mozilla Firefox | =5.0.1 | |
Mozilla Firefox | =6.0 | |
Mozilla Firefox | =6.0.1 | |
Mozilla Firefox | =6.0.2 | |
Mozilla Firefox | =7.0 | |
Mozilla Firefox | =7.0.1 | |
Mozilla Firefox | =8.0 | |
Mozilla Firefox | =8.0.1 | |
Mozilla Firefox | =9.0 | |
Mozilla Firefox | =9.0.1 | |
Mozilla Firefox | =10.0 | |
Mozilla Firefox | =10.0.1 | |
Mozilla Firefox | =10.0.2 | |
Mozilla Firefox | =11.0 | |
Mozilla Firefox | =12.0 | |
Mozilla Firefox | =12.0-beta6 | |
Mozilla Firefox | =13.0 | |
Mozilla Thunderbird | <=14.0 | |
Mozilla Thunderbird | =1.0 | |
Mozilla Thunderbird | =1.0.1 | |
Mozilla Thunderbird | =1.0.2 | |
Mozilla Thunderbird | =1.0.3 | |
Mozilla Thunderbird | =1.0.4 | |
Mozilla Thunderbird | =1.0.5 | |
Mozilla Thunderbird | =1.0.5-beta | |
Mozilla Thunderbird | =1.0.6 | |
Mozilla Thunderbird | =1.0.7 | |
Mozilla Thunderbird | =1.0.8 | |
Mozilla Thunderbird | =1.5 | |
Mozilla Thunderbird | =1.5-beta2 | |
Mozilla Thunderbird | =1.5.0.1 | |
Mozilla Thunderbird | =1.5.0.2 | |
Mozilla Thunderbird | =1.5.0.3 | |
Mozilla Thunderbird | =1.5.0.4 | |
Mozilla Thunderbird | =1.5.0.5 | |
Mozilla Thunderbird | =1.5.0.6 | |
Mozilla Thunderbird | =1.5.0.7 | |
Mozilla Thunderbird | =1.5.0.8 | |
Mozilla Thunderbird | =1.5.0.9 | |
Mozilla Thunderbird | =1.5.0.10 | |
Mozilla Thunderbird | =1.5.0.11 | |
Mozilla Thunderbird | =1.5.0.12 | |
Mozilla Thunderbird | =1.5.0.13 | |
Mozilla Thunderbird | =1.5.0.14 | |
Mozilla Thunderbird | =1.5.1 | |
Mozilla Thunderbird | =1.5.2 | |
Mozilla Thunderbird | =1.7.1 | |
Mozilla Thunderbird | =1.7.3 | |
Mozilla Thunderbird | =2.0 | |
Mozilla Thunderbird | =2.0.0.0 | |
Mozilla Thunderbird | =2.0.0.1 | |
Mozilla Thunderbird | =2.0.0.2 | |
Mozilla Thunderbird | =2.0.0.3 | |
Mozilla Thunderbird | =2.0.0.4 | |
Mozilla Thunderbird | =2.0.0.5 | |
Mozilla Thunderbird | =2.0.0.6 | |
Mozilla Thunderbird | =2.0.0.7 | |
Mozilla Thunderbird | =2.0.0.8 | |
Mozilla Thunderbird | =2.0.0.9 | |
Mozilla Thunderbird | =2.0.0.11 | |
Mozilla Thunderbird | =2.0.0.12 | |
Mozilla Thunderbird | =2.0.0.13 | |
Mozilla Thunderbird | =2.0.0.14 | |
Mozilla Thunderbird | =2.0.0.15 | |
Mozilla Thunderbird | =2.0.0.16 | |
Mozilla Thunderbird | =2.0.0.17 | |
Mozilla Thunderbird | =2.0.0.18 | |
Mozilla Thunderbird | =2.0.0.19 | |
Mozilla Thunderbird | =2.0.0.20 | |
Mozilla Thunderbird | =2.0.0.21 | |
Mozilla Thunderbird | =2.0.0.22 | |
Mozilla Thunderbird | =2.0.0.23 | |
Mozilla Thunderbird | =3.0 | |
Mozilla Thunderbird | =3.0.1 | |
Mozilla Thunderbird | =3.0.2 | |
Mozilla Thunderbird | =3.0.3 | |
Mozilla Thunderbird | =3.0.4 | |
Mozilla Thunderbird | =3.0.5 | |
Mozilla Thunderbird | =3.0.6 | |
Mozilla Thunderbird | =3.0.7 | |
Mozilla Thunderbird | =3.0.8 | |
Mozilla Thunderbird | =3.0.9 | |
Mozilla Thunderbird | =3.0.10 | |
Mozilla Thunderbird | =3.0.11 | |
Mozilla Thunderbird | =3.1 | |
Mozilla Thunderbird | =3.1.1 | |
Mozilla Thunderbird | =3.1.2 | |
Mozilla Thunderbird | =3.1.3 | |
Mozilla Thunderbird | =3.1.4 | |
Mozilla Thunderbird | =3.1.5 | |
Mozilla Thunderbird | =3.1.6 | |
Mozilla Thunderbird | =3.1.7 | |
Mozilla Thunderbird | =3.1.8 | |
Mozilla Thunderbird | =3.1.9 | |
Mozilla Thunderbird | =3.1.10 | |
Mozilla Thunderbird | =3.1.11 | |
Mozilla Thunderbird | =3.1.12 | |
Mozilla Thunderbird | =3.1.13 | |
Mozilla Thunderbird | =3.1.14 | |
Mozilla Thunderbird | =3.1.15 | |
Mozilla Thunderbird | =3.1.16 | |
Mozilla Thunderbird | =3.1.17 | |
Mozilla Thunderbird | =5.0 | |
Mozilla Thunderbird | =6.0 | |
Mozilla Thunderbird | =6.0.1 | |
Mozilla Thunderbird | =6.0.2 | |
Mozilla Thunderbird | =7.0 | |
Mozilla Thunderbird | =7.0.1 | |
Mozilla Thunderbird | =8.0 | |
Mozilla Thunderbird | =9.0 | |
Mozilla Thunderbird | =9.0.1 | |
Mozilla Thunderbird | =10.0 | |
Mozilla Thunderbird | =10.0.1 | |
Mozilla Thunderbird | =10.0.2 | |
Mozilla Thunderbird | =10.0.3 | |
Mozilla Thunderbird | =10.0.4 | |
Mozilla Thunderbird | =11.0 | |
Mozilla Thunderbird | =12.0 | |
Mozilla Thunderbird | =13.0 | |
Mozilla SeaMonkey | <=2.11 | |
Mozilla SeaMonkey | =2.0 | |
Mozilla SeaMonkey | =2.0-alpha_1 | |
Mozilla SeaMonkey | =2.0-alpha_2 | |
Mozilla SeaMonkey | =2.0-alpha_3 | |
Mozilla SeaMonkey | =2.0-beta_1 | |
Mozilla SeaMonkey | =2.0-beta_2 | |
Mozilla SeaMonkey | =2.0-rc1 | |
Mozilla SeaMonkey | =2.0-rc2 | |
Mozilla SeaMonkey | =2.0.1 | |
Mozilla SeaMonkey | =2.0.2 | |
Mozilla SeaMonkey | =2.0.3 | |
Mozilla SeaMonkey | =2.0.4 | |
Mozilla SeaMonkey | =2.0.5 | |
Mozilla SeaMonkey | =2.0.6 | |
Mozilla SeaMonkey | =2.0.7 | |
Mozilla SeaMonkey | =2.0.8 | |
Mozilla SeaMonkey | =2.0.9 | |
Mozilla SeaMonkey | =2.0.10 | |
Mozilla SeaMonkey | =2.0.11 | |
Mozilla SeaMonkey | =2.0.12 | |
Mozilla SeaMonkey | =2.0.13 | |
Mozilla SeaMonkey | =2.0.14 | |
Mozilla SeaMonkey | =2.1 | |
Mozilla SeaMonkey | =2.1-alpha1 | |
Mozilla SeaMonkey | =2.1-alpha2 | |
Mozilla SeaMonkey | =2.1-alpha3 | |
Mozilla SeaMonkey | =2.1-beta1 | |
Mozilla SeaMonkey | =2.1-beta2 | |
Mozilla SeaMonkey | =2.1-beta3 | |
Mozilla SeaMonkey | =2.1-rc1 | |
Mozilla SeaMonkey | =2.1-rc2 | |
Mozilla SeaMonkey | =2.2 | |
Mozilla SeaMonkey | =2.2-beta1 | |
Mozilla SeaMonkey | =2.2-beta2 | |
Mozilla SeaMonkey | =2.2-beta3 | |
Mozilla SeaMonkey | =2.3 | |
Mozilla SeaMonkey | =2.3-beta1 | |
Mozilla SeaMonkey | =2.3-beta2 | |
Mozilla SeaMonkey | =2.3-beta3 | |
Mozilla SeaMonkey | =2.3.1 | |
Mozilla SeaMonkey | =2.3.2 | |
Mozilla SeaMonkey | =2.3.3 | |
Mozilla SeaMonkey | =2.4 | |
Mozilla SeaMonkey | =2.4-beta1 | |
Mozilla SeaMonkey | =2.4-beta2 | |
Mozilla SeaMonkey | =2.4-beta3 | |
Mozilla SeaMonkey | =2.4.1 | |
Mozilla SeaMonkey | =2.5 | |
Mozilla SeaMonkey | =2.5-beta1 | |
Mozilla SeaMonkey | =2.5-beta2 | |
Mozilla SeaMonkey | =2.5-beta3 | |
Mozilla SeaMonkey | =2.5-beta4 | |
Mozilla SeaMonkey | =2.6 | |
Mozilla SeaMonkey | =2.6-beta1 | |
Mozilla SeaMonkey | =2.6-beta2 | |
Mozilla SeaMonkey | =2.6-beta3 | |
Mozilla SeaMonkey | =2.6-beta4 | |
Mozilla SeaMonkey | =2.6.1 | |
Mozilla SeaMonkey | =2.7 | |
Mozilla SeaMonkey | =2.7-beta1 | |
Mozilla SeaMonkey | =2.7-beta2 | |
Mozilla SeaMonkey | =2.7-beta3 | |
Mozilla SeaMonkey | =2.7-beta4 | |
Mozilla SeaMonkey | =2.7-beta5 | |
Mozilla SeaMonkey | =2.7.1 | |
Mozilla SeaMonkey | =2.7.2 | |
Mozilla SeaMonkey | =2.8 | |
Mozilla SeaMonkey | =2.8-beta1 | |
Mozilla SeaMonkey | =2.8-beta2 | |
Mozilla SeaMonkey | =2.8-beta3 | |
Mozilla SeaMonkey | =2.8-beta4 | |
Mozilla SeaMonkey | =2.8-beta5 | |
Mozilla SeaMonkey | =2.8-beta6 | |
Mozilla SeaMonkey | =2.9 | |
Mozilla SeaMonkey | =2.9-beta1 | |
Mozilla SeaMonkey | =2.9-beta2 | |
Mozilla SeaMonkey | =2.9-beta3 | |
Mozilla SeaMonkey | =2.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-1956 is classified as a moderate severity vulnerability that allows for potential cross-site scripting (XSS) attacks.
To fix CVE-2012-1956, users should upgrade their Mozilla Firefox, Thunderbird, or SeaMonkey to the latest versions that remediate this vulnerability.
CVE-2012-1956 affects Mozilla Firefox versions prior to 15.0, Thunderbird versions prior to 15.0, and SeaMonkey versions prior to 2.12.
CVE-2012-1956 is a cross-site scripting (XSS) vulnerability that can be exploited through the Object.defineProperty method.
While the best course of action is to update affected software, users may temporarily mitigate risk by limiting JavaScript execution in their browser settings.