CVE-2012-0477 — Cross-site Scripting in Mozilla Seamonkey

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird +1 more

Timeline

PublishedApr 25

Latest updateMay 4

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox18 versions+17

▶NVDmozilla/thunderbird15 versions+14

▶NVDmozilla/thunderbird_esr4 versions+3

▶NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

GHSA

GHSA-g8qf-h77h-c3gw: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0477: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4↗2012-04-25

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-05-04

▶

Ubuntu

ubufox update↗2012-04-27

▶

Ubuntu

Firefox vulnerabilities↗2012-04-27

▶

Red Hat

Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)↗2012-04-24

▶

💬Community

Bugzilla

CVE-2012-0477 Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)↗2012-04-22

▶