Cross site scripting

2012-10-1017:55:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.

CPENameOperatorVersion
ubuntu_linuxeq11.04
ubuntu_linuxeq11.10
ubuntu_linuxeq12.04
ubuntu_linuxeq10.04
firefoxlt16.0
firefox_esrlt10.0.8
seamonkeylt2.13
thunderbirdlt16.0
thunderbird_esrlt10.0.8
enterprise_linux_desktopeq6.0

Name	Operator	Version
ubuntu_linux	eq	11.04
ubuntu_linux	eq	11.10
ubuntu_linux	eq	12.04
ubuntu_linux	eq	10.04
firefox	lt	16.0
firefox_esr	lt	10.0.8
seamonkey	lt	2.13
thunderbird	lt	16.0
thunderbird_esr	lt	10.0.8
enterprise_linux_desktop	eq	6.0