Lucene search

K
cve[email protected]CVE-2012-4209
HistoryNov 21, 2012 - 12:55 p.m.

CVE-2012-4209

2012-11-2112:55:02
CWE-79
web.nvd.nist.gov
30
cve-2012-4209
mozilla firefox
thunderbird
seamonkey
xss
cross-site scripting
vulnerability
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a “top” frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

Affected configurations

NVD
Node
mozillafirefoxRange<17.0
OR
mozillafirefox_esrRange10.010.0.11
OR
mozillaseamonkeyRange<2.14
OR
mozillathunderbirdRange<17.0
OR
mozillathunderbird_esrRange10.010.0.11
Node
opensuseopensuseMatch11.4
OR
opensuseopensuseMatch12.1
OR
opensuseopensuseMatch12.2
OR
suselinux_enterprise_desktopMatch10sp4
OR
suselinux_enterprise_desktopMatch11sp2
OR
suselinux_enterprise_serverMatch10sp4
OR
suselinux_enterprise_serverMatch11sp2
OR
suselinux_enterprise_serverMatch11sp2vmware
OR
suselinux_enterprise_software_development_kitMatch10sp4
OR
suselinux_enterprise_software_development_kitMatch11sp2
Node
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_eusMatch6.3
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch5.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch11.10
OR
canonicalubuntu_linuxMatch12.04esm
OR
canonicalubuntu_linuxMatch12.10

References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%