Privilege escalation in Mozilla Firefox
CVE-2012-3993
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures…
Vulnerability class: Privilege Escalation
EPSS: 0.808 (99.2th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 10.0, 10.0.1, 10.0.2
- Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
- Mozilla Thunderbird — versions 1.0, 1.0.1, 1.0.2
- Mozilla Thunderbird_esr — versions 10.0, 10.0.1, 10.0.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 50904 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50984 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50935 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 50856 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50892 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- oval:org.mitre.oval:def:16718 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- RHSA-2012:1351 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- firefox-cow-privilege-escalation(79153) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- 50936 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2012-3993?
- CVE-2012-3993 is a vulnerability in Mozilla Firefox, classified under Improper Privilege Management. Published 2012-10-10.
- Is CVE-2012-3993 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.