N/A
CVE-2012-0446
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.
EPSS
0.4%
percentile 62.7%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:* |