CVE-2012-0446 : Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

Published 2012-02-01 16:55:01

Updated 2017-09-19 01:34:33

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2012-0446

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0446

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-0446

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0446

https://exchange.xforce.ibmcloud.com/vulnerabilities/72837

Multiple Mozilla products XPConnect cross-site scripting CVE-2012-0446 Vulnerability Report
http://www.securityfocus.com/bid/51752

Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

[security-announce] openSUSE-SU-2012:0234-1: important: MozillaFirefox:

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304

Repository / Oval Repository
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013

mandriva.com

CVEs referencing this url
http://www.mozilla.org/security/announce/2012/mfsa2012-05.html

Frame scripts calling into untrusted objects bypass security checks — Mozilla
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=705651

705651 - (CVE-2012-0446) Frame scripts that access untrusted objects are exploitable

Products affected by CVE-2012-0446

Mozilla » Firefox » Version: 4.0 Update Beta5
cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta3
cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta4
cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta2
cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta7
cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta8
cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta9
cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta1
cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta10
cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta11
cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta6
cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta12
cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0
cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0.1
cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 5.0
cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 6.0
cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 6.0.1
cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 5.0.1
cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 6.0.2
cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 7.0
cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 8.0
cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 8.0.1
cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 9.0
cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 5.0
cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 6.0.2
cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 6.0.1
cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 6.0
cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 7.0
cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 8.0
cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 9.0
cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Update Beta5
Versions up to, including, (<=) 2.7
cpe:2.3:a:mozilla:seamonkey:*:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.6
cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.5
cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update RC2
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.4
cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.8
cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.7
cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.16
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.1
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.10
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.9
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.2
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.1
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 2
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 1
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha1
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.14
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.15
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.19
cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.13
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.11
cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.14
cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.3
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Beta 1
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 3
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.10
cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.17
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.12
cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.13
cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update RC1
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Beta 2
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha2
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.9
cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.11
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.12
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.18
cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha3
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3.3
cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.5 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.5 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3
cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.4 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3.2
cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6
cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.2 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update RC1
cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.4
cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.4.1
cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3.1
cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1
cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.2 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.5
cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.5 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.7 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.7 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.7 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.3 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.2 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.5 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.4 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.4 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.6.1
cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.7 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update RC2
cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.2
cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0446

Exploit prediction scoring system (EPSS) score for CVE-2012-0446

CVSS scores for CVE-2012-0446

CWE ids for CVE-2012-0446

References for CVE-2012-0446

Products affected by CVE-2012-0446