CVE-2012-0446Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting7 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 37.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird
Timeline
PublishedFeb 1
Latest updateMay 4

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox11 versions+10
NVDmozilla/seamonkey2.7+57
NVDmozilla/thunderbird7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-jhfm-52vf-4cqg: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 42022-05-04
CVEList
CVE-2012-0446: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 42012-02-01

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2012-02-17
Ubuntu
Mozvoikko update2012-02-03
Ubuntu
ubufox and webfav update2012-02-03
Ubuntu
Firefox vulnerabilities2012-02-03
CVE-2012-0446 — Cross-site Scripting in Mozilla | cvebase