CVE-2012-4209 (retired)

Priority
Description
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
do not prevent use of a "top" frame name-attribute value to access the
location property, which makes it easier for remote attackers to conduct
cross-site scripting (XSS) attacks via vectors involving a binary plugin.
Notes
 jdstrand> xulrunner-1.9.2 unmaintained upstream (see README.mozilla for
  details)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:41:43 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)