OVAL Reference oval:com.ubuntu.precise:def:20124205000

Oval Definition:

oval:com.ubuntu.precise:def:20124205000

Revision Date:	2012-11-21	Version:	1
Title:	CVE-2012-4205 on Ubuntu 12.04 LTS (precise) - medium.
Description:	Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2012-4205
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'firefox' package in precise was vulnerable but has been fixed (note: '17.0+build2-0ubuntu0.12.04.1'). OR The 'thunderbird' package in precise was vulnerable but has been fixed (note: '17.0+build2-0ubuntu0.12.04.1').