1. Home
  2. Vulnerabilities
  3. CVE-2012-4209

CVE-2012-4209

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.20 % (57th)
0.20% Progress
Affected Products 14
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2012-11-21 12:55:02
(11 years ago)
Updated Date
2020-08-13 19:32:31
(4 years ago)

Affected Products

Canonical

Mozilla

Opensuse

Redhat

Suse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 17.0 version cpe:2.3:a:mozilla:firefox < 17.0
  Mozilla Firefox Esr from 10.0 version and prior 10.0.11 version cpe:2.3:a:mozilla:firefox_esr >= 10.0 < 10.0.11
  Mozilla Seamonkey prior 2.14 version cpe:2.3:a:mozilla:seamonkey < 2.14
  Mozilla Thunderbird prior 17.0 version cpe:2.3:a:mozilla:thunderbird < 17.0
  Mozilla Thunderbird Esr from 10.0 version and prior 10.0.11 version cpe:2.3:a:mozilla:thunderbird_esr >= 10.0 < 10.0.11

Configuration #2

    CPE23 From Up To
  Opensuse 11.4 cpe:2.3:o:opensuse:opensuse:11.4
  Opensuse 12.1 cpe:2.3:o:opensuse:opensuse:12.1
  Opensuse 12.2 cpe:2.3:o:opensuse:opensuse:12.2
  Suse Linux Enterprise Desktop 10 SP4 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4
  Suse Linux Enterprise Desktop 11 SP2 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2
  Suse Linux Enterprise Server 10 SP4 cpe:2.3:o:suse:linux_enterprise_server:10:sp4
  Suse Linux Enterprise Server 11 SP2 cpe:2.3:o:suse:linux_enterprise_server:11:sp2
  Suse Linux Enterprise Server 11 SP2 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware
  Suse Linux Enterprise Software Development Kit 10 SP4 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4
  Suse Linux Enterprise Software Development Kit 11 SP2 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2

Configuration #3

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Eus 6.3 cpe:2.3:o:redhat:enterprise_linux_eus:6.3
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-
  Canonical Ubuntu Linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm
  Canonical Ubuntu Linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10