Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2012-4209

Опубликовано: 21 нояб. 2012
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

РелизСтатусПримечание
devel

not-affected

18.0~b2+build1-0ubuntu1
hardy

ignored

end of life
lucid

released

17.0+build2-0ubuntu0.10.04.1
oneiric

released

17.0+build2-0ubuntu0.11.10.1
precise

released

17.0+build2-0ubuntu0.12.04.1
quantal

released

17.0+build2-0ubuntu0.12.10.1
raring

not-affected

18.0~b2+build1-0ubuntu1
saucy

not-affected

18.0~b2+build1-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

ignored

end of life
lucid

ignored

end of life
oneiric

ignored

end of life
precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

not-affected

17.0+build2-0ubuntu1
hardy

ignored

end of life
lucid

released

17.0+build2-0ubuntu0.10.04.1
oneiric

released

17.0+build2-0ubuntu0.11.10.1
precise

released

17.0+build2-0ubuntu0.12.04.1
quantal

released

17.0+build2-0ubuntu0.12.10.1
raring

not-affected

17.0+build2-0ubuntu1
saucy

not-affected

17.0+build2-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

ignored

end of life
lucid

ignored

end of life
oneiric

DNE

precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

hardy

DNE

lucid

DNE

oneiric

DNE

precise

DNE

quantal

DNE

raring

DNE

saucy

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%
0.02065
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2012-4209

redhat
почти 13 лет назад

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

nvd логотип

CVE-2012-4209

nvd
почти 13 лет назад

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

debian логотип

CVE-2012-4209

debian
почти 13 лет назад

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderb ...

github логотип

GHSA-mc6f-7xm8-q752

github
больше 3 лет назад

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

oracle-oval логотип

ELSA-2012-1483

oracle-oval
почти 13 лет назад

ELSA-2012-1483: thunderbird security update (CRITICAL)

EPSS

Процентиль: 83%
0.02065
Низкий

4.3 Medium

CVSS2