CVE-2012-0474Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedApr 25
Latest updateMay 4

Description

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox18 versions+17
NVDmozilla/thunderbird15 versions+14
NVDmozilla/thunderbird_esr4 versions+3
NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

2
GHSA
GHSA-66r3-h3v8-4pjm: Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 42022-05-04
CVEList
CVE-2012-0474: Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 42012-04-25

💥Exploits & PoCs

1
Exploit-DB
ManageEngine Application Manager 10 - Multiple Vulnerabilities2012-08-01

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2012-05-04
Ubuntu
ubufox update2012-04-27
Ubuntu
Firefox vulnerabilities2012-04-27
Red Hat
Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)2012-04-24

💬Community

1
Bugzilla
CVE-2012-0474 Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)2012-04-22
CVE-2012-0474 — Cross-site Scripting in Mozilla | cvebase