CVE-2012-3993

HIGH Year: 2012
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-269
View all →

Vulnerability Description

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.

Related Vulnerabilities

CVE-2018-4310

CRITICAL
CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CWE-2692018

CVE-2020-27655

CRITICAL
CVSS:10.0(Critical)

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CWE-2692020

CVE-2021-1388

CRITICAL
CVSS:10.0(Critical)

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on a...

CWE-2692021

CVE-2022-24783

CRITICAL
CVSS:10.0(Critical)

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

CWE-2692022

CVE-2024-6240

CRITICAL
CVSS:10.0(Critical)

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro...

CWE-2692024

CVE-2025-0505

CRITICAL
CVSS:10.0(Critical)

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary...

CWE-2692025