CVE-2012-4209

Priority
Description
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14
do not prevent use of a "top" frame name-attribute value to access the
location property, which makes it easier for remote attackers to conduct
cross-site scripting (XSS) attacks via vectors involving a binary plugin.
Notes
jdstrandxulrunner-1.9.2 unmaintained upstream (see README.mozilla for
details)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 02:13:10 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)