Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 4.0 |
| Mozilla | Thunderbird | 5.0 |
| Mozilla | Seamonkey | <= 2.7 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
- http://secunia.com/advisories/49055
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
- http://www.mozilla.org/security/announce/2012/mfsa2012-05.htmlVendor Advisory
- http://www.securityfocus.com/bid/51752
- https://bugzilla.mozilla.org/show_bug.cgi?id=705651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72837
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
- http://secunia.com/advisories/49055
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
- http://www.mozilla.org/security/announce/2012/mfsa2012-05.htmlVendor Advisory
- http://www.securityfocus.com/bid/51752
- https://bugzilla.mozilla.org/show_bug.cgi?id=705651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72837
FAQ
What is CVE-2012-0446?
CVE-2012-0446 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or H...
How severe is CVE-2012-0446?
CVE-2012-0446 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0446?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird, Mozilla Seamonkey.