CVE-2012-1967

critical

Published 2012-07-18 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.mozilla.org/security/announce/2012/mfsa2012-56.html

Application impact

Vendor	Product	Versions
mozilla	firefox	`4.0`
mozilla	firefox	`4.0.1`
mozilla	firefox	`5.0`
mozilla	firefox	`5.0.1`
mozilla	firefox	`6.0`
mozilla	firefox	`6.0.1`
mozilla	firefox	`6.0.2`
mozilla	firefox	`7.0`
mozilla	firefox	`7.0.1`
mozilla	firefox	`8.0`
mozilla	firefox	`8.0.1`
mozilla	firefox	`9.0`
mozilla	firefox	`9.0.1`
mozilla	firefox	`11.0`
mozilla	firefox	`12.0`
mozilla	firefox	`13.0`
mozilla	firefox	`10.0`
mozilla	firefox	`10.0.1`
mozilla	firefox	`10.0.2`
mozilla	firefox	`10.0.3`
mozilla	firefox	`10.0.4`
mozilla	firefox	`10.0.5`
mozilla	thunderbird	`5.0`
mozilla	thunderbird	`6.0`
mozilla	thunderbird	`6.0.1`
mozilla	thunderbird	`6.0.2`
mozilla	thunderbird	`7.0`
mozilla	thunderbird	`7.0.1`
mozilla	thunderbird	`8.0`
mozilla	thunderbird	`9.0`
mozilla	thunderbird	`9.0.1`
mozilla	thunderbird	`10.0`
mozilla	thunderbird	`10.0.1`
mozilla	thunderbird	`10.0.2`
mozilla	thunderbird	`10.0.3`
mozilla	thunderbird	`10.0.4`
mozilla	thunderbird	`11.0`
mozilla	thunderbird	`12.0`
mozilla	thunderbird	`13.0`
mozilla	thunderbird_esr	`10.0`
mozilla	thunderbird_esr	`10.0.1`
mozilla	thunderbird_esr	`10.0.2`
mozilla	thunderbird_esr	`10.0.3`
mozilla	thunderbird_esr	`10.0.4`
mozilla	thunderbird_esr	`10.0.5`
mozilla	seamonkey	`{"endIncluding":"2.10"}`
mozilla	seamonkey	`1.0`
mozilla	seamonkey	`1.0.1`
mozilla	seamonkey	`1.0.2`
mozilla	seamonkey	`1.0.3`
mozilla	seamonkey	`1.0.4`
mozilla	seamonkey	`1.0.5`
mozilla	seamonkey	`1.0.6`
mozilla	seamonkey	`1.0.7`
mozilla	seamonkey	`1.0.8`
mozilla	seamonkey	`1.0.9`
mozilla	seamonkey	`1.1`
mozilla	seamonkey	`1.1.1`
mozilla	seamonkey	`1.1.2`
mozilla	seamonkey	`1.1.3`
mozilla	seamonkey	`1.1.4`
mozilla	seamonkey	`1.1.5`
mozilla	seamonkey	`1.1.6`
mozilla	seamonkey	`1.1.7`
mozilla	seamonkey	`1.1.8`
mozilla	seamonkey	`1.1.9`
mozilla	seamonkey	`1.1.10`
mozilla	seamonkey	`1.1.11`
mozilla	seamonkey	`1.1.12`
mozilla	seamonkey	`1.1.13`
mozilla	seamonkey	`1.1.14`
mozilla	seamonkey	`1.1.15`
mozilla	seamonkey	`1.1.16`
mozilla	seamonkey	`1.1.17`
mozilla	seamonkey	`1.1.18`
mozilla	seamonkey	`1.1.19`
mozilla	seamonkey	`1.5.0.8`
mozilla	seamonkey	`1.5.0.9`
mozilla	seamonkey	`1.5.0.10`
mozilla	seamonkey	`2.0`
mozilla	seamonkey	`2.0.1`
mozilla	seamonkey	`2.0.2`
mozilla	seamonkey	`2.0.3`
mozilla	seamonkey	`2.0.4`
mozilla	seamonkey	`2.0.5`
mozilla	seamonkey	`2.0.6`
mozilla	seamonkey	`2.0.7`
mozilla	seamonkey	`2.0.8`
mozilla	seamonkey	`2.0.9`
mozilla	seamonkey	`2.0.10`
mozilla	seamonkey	`2.0.11`
mozilla	seamonkey	`2.0.12`
mozilla	seamonkey	`2.0.13`
mozilla	seamonkey	`2.0.14`
mozilla	seamonkey	`2.1`

References

Verify integrity in audit chain (admin only). AS-IS.