QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4209

Published: Nov 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.mozilla.org/show_bug.cgi?id=792405

x_refsource_CONFIRM

openSUSE-SU-2012:1586

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2013:0175

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2012:1583

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2012:1592

vendor-advisory

x_refsource_SUSE

firefox-toplocation-xss(80181)

vdb-entry

x_refsource_XF

http://www.mozilla.org/security/announce/2012/mfsa2012-103.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

openSUSE-SU-2012:1585

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:16880

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.