Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
BID:53228
Info
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
| Bugtraq ID: | 53228 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0474 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2012 12:00AM |
| Updated: | Apr 13 2015 08:26PM |
| Credit: | Jordi Chancel, Eddy Bordi and Chris McGowen |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 SuSE SUSE Linux Enterprise Desktop 11 SP2 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 11.4 Sun Solaris 11 Sun Solaris 10 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mozilla Thunderbird ESR 10.0.3 Mozilla Thunderbird ESR 10.0.2 Mozilla Thunderbird 11.0 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Thunderbird 10.0 Mozilla SeaMonkey 2.8 Mozilla SeaMonkey 2.7.2 Mozilla SeaMonkey 2.7.1 Mozilla SeaMonkey 2.7 Mozilla SeaMonkey 2.6 Mozilla SeaMonkey 2.5 Mozilla SeaMonkey 2.4 Mozilla SeaMonkey 2.3 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.1b2 Mozilla SeaMonkey 2.1 Alpha3 Mozilla SeaMonkey 2.1 Alpha2 Mozilla SeaMonkey 2.1 Alpha1 Mozilla SeaMonkey 2.1 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 9.0.1 Mozilla Firefox 3.6.28 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.18 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 7 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 6 Mozilla Firefox 5.0.1 Mozilla Firefox 5.0 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 Beta9 Mozilla Firefox 4.0 Beta8 Mozilla Firefox 4.0 Beta7 Mozilla Firefox 4.0 Beta6 Mozilla Firefox 4.0 Beta5 Mozilla Firefox 4.0 Beta4 Mozilla Firefox 4.0 Beta3 Mozilla Firefox 4.0 Beta12 Mozilla Firefox 4.0 Beta11 Mozilla Firefox 4.0 Beta10 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 4.0 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.27 Mozilla Firefox 3.6.26 Mozilla Firefox 3.6.25 Mozilla Firefox 3.6.24 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.21 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Beta 3 Mozilla Firefox 3.6 Beta 2 Mozilla Firefox 3.6 Mozilla Firefox 3.5.19 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.11 Mozilla Firefox 3.1 Beta 3 Mozilla Firefox 3.1 Beta 2 Mozilla Firefox 3.1 Beta 1 Mozilla Firefox 3.0.19 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Moonchild Productions Pale Moon 9.2 Moonchild Productions Pale Moon 9.1 Moonchild Productions Pale Moon 9.0.1 Moonchild Productions Pale Moon 11.0 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux |
| Not Vulnerable: |
Mozilla Thunderbird ESR 10.0.4 Mozilla Thunderbird 12.0 Mozilla SeaMonkey 2.9 Mozilla Firefox ESR 10.0.4 Mozilla Firefox 12.0 Moonchild Productions Pale Moon 12.0 |
Discussion
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
Mozilla Firefox, Thunderbird, and Seamonkey are prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mozilla Firefox, Thunderbird, and Seamonkey are prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.