Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6w8d-f2v4-4bd4
Vulnerability ID VCID-6w8d-f2v4-4bd4
Aliases CVE-2012-5841
Summary Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0091 https://api.first.org/data/v1/epss?cve=CVE-2012-5841
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2012-100
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5841
877628 https://bugzilla.redhat.com/show_bug.cgi?id=877628
CVE-2012-5841 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-100 https://www.mozilla.org/en-US/security/advisories/mfsa2012-100
RHSA-2012:1482 https://access.redhat.com/errata/RHSA-2012:1482
RHSA-2012:1483 https://access.redhat.com/errata/RHSA-2012:1483
USN-1636-1 https://usn.ubuntu.com/1636-1/
USN-1638-1 https://usn.ubuntu.com/1638-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76149
EPSS Score 0.0091
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:22.632920+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-100.md 38.6.0