Bug 863617 (CVE-2012-3985)

Summary:	CVE-2012-3985 Mozilla: Continued access to initial origin after setting document.domain can lead to XSS attacks (MFSA 2012-76)
Product:	[Other] Security Response	Reporter:	Huzaifa S. Sidhpurwala <huzaifas>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED NOTABUG	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	security-response-team
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-10-06 04:47:54 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	852611

Description Huzaifa S. Sidhpurwala 2012-10-06 04:45:37 UTC

Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial origin in addition to the new document.domain. This could potentially lead to cross-site scripting (XSS) attacks.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html

Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Collin Jackson as the original reporter.

Comment 1 Huzaifa S. Sidhpurwala 2012-10-06 04:47:54 UTC

Statement:

Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6.