Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7aj6-mfpj-myb3
Vulnerability ID VCID-7aj6-mfpj-myb3
Aliases CVE-2012-4184
Summary Security researcher Mariusz Mlynski reported that when InstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper (COW) that fails to specify exposed properties. These can then be added to the resulting object by an attacker, allowing access to chrome privileged functions through script. While investigating this issue, Mozilla security researcher moz_bug_r_a4 found that COW did not disallow accessing of properties from a standard prototype in some situations, even when the original issue had been fixed. These issues could allow for a cross-site scripting (XSS) attack or arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01102 https://api.first.org/data/v1/epss?cve=CVE-2012-4184
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2012-83
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4184
863623 https://bugzilla.redhat.com/show_bug.cgi?id=863623
CVE-2012-4184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-83 https://www.mozilla.org/en-US/security/advisories/mfsa2012-83
RHSA-2012:1350 https://access.redhat.com/errata/RHSA-2012:1350
RHSA-2012:1351 https://access.redhat.com/errata/RHSA-2012:1351
USN-1600-1 https://usn.ubuntu.com/1600-1/
USN-1611-1 https://usn.ubuntu.com/1611-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.78348
EPSS Score 0.01102
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:24.881401+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-83.md 38.6.0