CVE-2012-3992

Priority
Description
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
do not properly manage history data, which allows remote attackers to
conduct cross-site scripting (XSS) attacks or obtain sensitive POST content
via vectors involving a location.hash write operation and history
navigation that triggers the loading of a URL into the history object.
Notes
Package
Upstream:released (16.0)
Package
Upstream:released (2.13)
Package
Priority: Low
Upstream:released (16.0)
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:59:52 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)