SUSE CVE-2012-3994

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

Mozilla: Frames can shadow top.location (MFSA 2012-103)

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct...

Mozilla: top object and location property accessible by plugins (MFSA 2012-82)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

Mozilla: top object and location property accessible by plugins (MFSA 2012-82)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

UBUNTU-CVE-2011-1185

Google Chrome before 10.0.648.127 does not prevent 1 navigation and 2 close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors...