CVE-2012-4209
CVE-2012-4209
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1482.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=792405http://secunia.com/advisories/51359http://secunia.com/advisories/51360http://secunia.com/advisories/51369http://secunia.com/advisories/51370