CVE-2012-0471Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 27.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedApr 25
Latest updateMay 4

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox18 versions+17
NVDmozilla/thunderbird15 versions+14
NVDmozilla/thunderbird_esr4 versions+3
NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

2
GHSA
GHSA-6c73-66gj-rv5f: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 42022-05-04
CVEList
CVE-2012-0471: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 42012-04-25

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2012-05-04
Ubuntu
ubufox update2012-04-27
Ubuntu
Firefox vulnerabilities2012-04-27
Red Hat
Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)2012-04-24

💬Community

1
Bugzilla
CVE-2012-0471 Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)2012-04-22
CVE-2012-0471 — Cross-site Scripting in Mozilla | cvebase