4.3

CVE-2012-0446

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version4.0
MozillaFirefox Version4.0 Updatebeta1
MozillaFirefox Version4.0 Updatebeta10
MozillaFirefox Version4.0 Updatebeta11
MozillaFirefox Version4.0 Updatebeta12
MozillaFirefox Version4.0 Updatebeta2
MozillaFirefox Version4.0 Updatebeta3
MozillaFirefox Version4.0 Updatebeta4
MozillaFirefox Version4.0 Updatebeta5
MozillaFirefox Version4.0 Updatebeta6
MozillaFirefox Version4.0 Updatebeta7
MozillaFirefox Version4.0 Updatebeta8
MozillaFirefox Version4.0 Updatebeta9
MozillaFirefox Version4.0.1
MozillaFirefox Version5.0
MozillaFirefox Version5.0.1
MozillaFirefox Version6.0
MozillaFirefox Version6.0.1
MozillaFirefox Version6.0.2
MozillaFirefox Version7.0
MozillaFirefox Version8.0
MozillaFirefox Version8.0.1
MozillaFirefox Version9.0
MozillaThunderbird Version5.0
MozillaThunderbird Version6.0
MozillaThunderbird Version6.0.1
MozillaThunderbird Version6.0.2
MozillaThunderbird Version7.0
MozillaThunderbird Version8.0
MozillaThunderbird Version9.0
MozillaSeamonkey Updatebeta5 Version <= 2.7
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.4
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaSeamonkey Version1.1.12
MozillaSeamonkey Version1.1.13
MozillaSeamonkey Version1.1.14
MozillaSeamonkey Version1.1.15
MozillaSeamonkey Version1.1.16
MozillaSeamonkey Version1.1.17
MozillaSeamonkey Version1.1.18
MozillaSeamonkey Version1.1.19
MozillaSeamonkey Version2.0
MozillaSeamonkey Version2.0 Updatealpha_1
MozillaSeamonkey Version2.0 Updatealpha_2
MozillaSeamonkey Version2.0 Updatealpha_3
MozillaSeamonkey Version2.0 Updatebeta_1
MozillaSeamonkey Version2.0 Updatebeta_2
MozillaSeamonkey Version2.0 Updaterc1
MozillaSeamonkey Version2.0 Updaterc2
MozillaSeamonkey Version2.0.1
MozillaSeamonkey Version2.0.2
MozillaSeamonkey Version2.0.3
MozillaSeamonkey Version2.0.4
MozillaSeamonkey Version2.0.5
MozillaSeamonkey Version2.0.6
MozillaSeamonkey Version2.0.7
MozillaSeamonkey Version2.0.8
MozillaSeamonkey Version2.0.9
MozillaSeamonkey Version2.0.10
MozillaSeamonkey Version2.0.11
MozillaSeamonkey Version2.0.12
MozillaSeamonkey Version2.0.13
MozillaSeamonkey Version2.0.14
MozillaSeamonkey Version2.1
MozillaSeamonkey Version2.1 Updatealpha1
MozillaSeamonkey Version2.1 Updatealpha2
MozillaSeamonkey Version2.1 Updatealpha3
MozillaSeamonkey Version2.1 Updatebeta1
MozillaSeamonkey Version2.1 Updatebeta2
MozillaSeamonkey Version2.1 Updatebeta3
MozillaSeamonkey Version2.1 Updaterc1
MozillaSeamonkey Version2.1 Updaterc2
MozillaSeamonkey Version2.2
MozillaSeamonkey Version2.2 Updatebeta1
MozillaSeamonkey Version2.2 Updatebeta2
MozillaSeamonkey Version2.2 Updatebeta3
MozillaSeamonkey Version2.3
MozillaSeamonkey Version2.3 Updatebeta1
MozillaSeamonkey Version2.3 Updatebeta2
MozillaSeamonkey Version2.3 Updatebeta3
MozillaSeamonkey Version2.3.1
MozillaSeamonkey Version2.3.2
MozillaSeamonkey Version2.3.3
MozillaSeamonkey Version2.4
MozillaSeamonkey Version2.4 Updatebeta1
MozillaSeamonkey Version2.4 Updatebeta2
MozillaSeamonkey Version2.4 Updatebeta3
MozillaSeamonkey Version2.4.1
MozillaSeamonkey Version2.5
MozillaSeamonkey Version2.5 Updatebeta1
MozillaSeamonkey Version2.5 Updatebeta2
MozillaSeamonkey Version2.5 Updatebeta3
MozillaSeamonkey Version2.5 Updatebeta4
MozillaSeamonkey Version2.6
MozillaSeamonkey Version2.6 Updatebeta1
MozillaSeamonkey Version2.6 Updatebeta2
MozillaSeamonkey Version2.6 Updatebeta3
MozillaSeamonkey Version2.6 Updatebeta4
MozillaSeamonkey Version2.6.1
MozillaSeamonkey Version2.7 Updatebeta1
MozillaSeamonkey Version2.7 Updatebeta2
MozillaSeamonkey Version2.7 Updatebeta3
MozillaSeamonkey Version2.7 Updatebeta4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.597
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.