Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2012-1957

Опубликовано: 18 июл. 2012
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

РелизСтатусПримечание
devel

not-affected

14.0.1+build1-0ubuntu2
hardy

ignored

end of life
lucid

released

14.0.1+build1-0ubuntu0.10.04.1
natty

released

14.0.1+build1-0ubuntu0.11.04.1
oneiric

released

14.0.1+build1-0ubuntu0.11.10.1
precise

released

14.0.1+build1-0ubuntu0.12.04.1
quantal

not-affected

14.0.1+build1-0ubuntu2
raring

not-affected

14.0.1+build1-0ubuntu2
saucy

not-affected

14.0.1+build1-0ubuntu2
upstream

released

14

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

ignored

end of life
lucid

ignored

end of life
natty

ignored

end of life
oneiric

ignored

end of life
precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

14.0+build1-0ubuntu2
hardy

ignored

end of life
lucid

released

14.0+build1-0ubuntu0.10.04.1
natty

released

14.0+build1-0ubuntu0.11.04.1
oneiric

released

14.0+build1-0ubuntu0.11.10.1
precise

released

14.0+build1-0ubuntu0.12.04.1
quantal

not-affected

14.0+build1-0ubuntu2
raring

not-affected

14.0+build1-0ubuntu2
saucy

not-affected

14.0+build1-0ubuntu2
upstream

released

14

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

ignored

end of life
lucid

ignored

end of life
natty

ignored

end of life
oneiric

DNE

precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

DNE

lucid

DNE

natty

ignored

end of life
oneiric

DNE

precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

EPSS

Процентиль: 76%
0.00998
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat
около 13 лет назад

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

nvd
около 13 лет назад

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

debian
около 13 лет назад

An unspecified parser-utility class in Mozilla Firefox 4.x through 13. ...

github
больше 3 лет назад

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

oracle-oval
около 13 лет назад

ELSA-2012-1089: thunderbird security update (CRITICAL)

EPSS

Процентиль: 76%
0.00998
Низкий

4.3 Medium

CVSS2