{
  "threat_severity" : "Moderate",
  "public_date" : "2012-08-28T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)",
    "id" : "851912",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851912"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin." ],
  "acknowledgement" : "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1350",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:10.0.8-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1350",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:10.0.8-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1351",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "thunderbird-0:10.0.8-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1350",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:10.0.8-1.el6_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1350",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xulrunner-0:10.0.8-1.el6_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-10-09T00:00:00Z",
    "advisory" : "RHSA-2012:1351",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "thunderbird-0:10.0.8-1.el6_3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-1956\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1956\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-59.html" ],
  "name" : "CVE-2012-1956",
  "csaw" : false
}