CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html	Mailing List Third Party Advisory
http://osvdb.org/87594	Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1482.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1483.html	Third Party Advisory
http://secunia.com/advisories/51359	Third Party Advisory
http://secunia.com/advisories/51360	Third Party Advisory
http://secunia.com/advisories/51369	Third Party Advisory
http://secunia.com/advisories/51370	Third Party Advisory
http://secunia.com/advisories/51381	Third Party Advisory
http://secunia.com/advisories/51434	Third Party Advisory
http://secunia.com/advisories/51439	Third Party Advisory
http://secunia.com/advisories/51440	Third Party Advisory
http://www.debian.org/security/2012/dsa-2583	Third Party Advisory
http://www.debian.org/security/2012/dsa-2584	Third Party Advisory
http://www.debian.org/security/2012/dsa-2588	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html	Vendor Advisory
http://www.securityfocus.com/bid/56618	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1636-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-2	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-3	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=747607	Exploit Issue Tracking Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80171	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html	Mailing List Third Party Advisory
http://osvdb.org/87594	Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1482.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1483.html	Third Party Advisory
http://secunia.com/advisories/51359	Third Party Advisory
http://secunia.com/advisories/51360	Third Party Advisory
http://secunia.com/advisories/51369	Third Party Advisory
http://secunia.com/advisories/51370	Third Party Advisory
http://secunia.com/advisories/51381	Third Party Advisory
http://secunia.com/advisories/51434	Third Party Advisory
http://secunia.com/advisories/51439	Third Party Advisory
http://secunia.com/advisories/51440	Third Party Advisory
http://www.debian.org/security/2012/dsa-2583	Third Party Advisory
http://www.debian.org/security/2012/dsa-2584	Third Party Advisory
http://www.debian.org/security/2012/dsa-2588	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html	Vendor Advisory
http://www.securityfocus.com/bid/56618	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1636-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-2	Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-3	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=747607	Exploit Issue Tracking Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80171	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

History

21 Nov 2024, 01:42

21 Oct 2024, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr::::::::

Information

Published : 2012-11-21 12:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4201

Mitre link : CVE-2012-4201

CVE.ORG link : CVE-2012-4201

JSON object : View

Products Affected

debian

debian_linux

redhat

enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_eus
enterprise_linux_desktop

suse

linux_enterprise_server
linux_enterprise_desktop
linux_enterprise_software_development_kit

mozilla

thunderbird
seamonkey
thunderbird_esr
firefox

opensuse

opensuse

canonical

ubuntu_linux

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-4201", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-11-21T12:55:01.477", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/87594", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51359", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51360", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51369", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51370", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51381", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51434", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51439", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51440", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2012/dsa-2583", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2012/dsa-2584", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2012/dsa-2588", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-93.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/56618", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1636-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1638-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1638-2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1638-3", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=747607", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80171", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/87594", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51359", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51360", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51369", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51370", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51381", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51434", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51439", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51440", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2583", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2584", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2588", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-93.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/56618", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1636-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1638-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1638-2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1638-3", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=747607", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80171", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on."}, {"lang": "es", "value": "La implementaci\u00f3n evalInSandbox en Mozilla Firefox antes de v17.0, v10.x Firefox ESR antes de v10.0.11, Thunderbird antes de v17.0, Thunderbird ESR v10.x antes de v10.0.11, y SeaMonkey antes de v2.14 usa un contexto incorrecto durante la manipulaci\u00f3n de c\u00f3digo JavaScript que establece la propiedad location.href, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de comandos en sitios cruzados (XSS) o leer archivos de su elecci\u00f3n aprovech\u00e1ndose de un espacio complemento aislado (\"sandboxed\").\r\n"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46BBBC83-F777-4899-9F6A-094CDD9CFF0F", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0", "versionEndExcluding": "2.14"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "828E00D1-8F2A-43AF-93DB-B1985CE68A8A", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "vulnerable": true, "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10