CVE-2012-3994
Mozilla Firefox < 10.0.8 - XSS
Title source: ruleDescription
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
References (16)
Scores
EPSS
0.0093
EPSS Percentile
75.8%
Details
CWE
CWE-79
Status
published
Products (22)
mozilla/firefox
< 10.0.8
mozilla/thunderbird_esr
< 10.0.8
mozilla/thunderbird
< 16.0
mozilla/seamonkey
< 2.13
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_sdk
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_server
... and 12 more
Published
Oct 10, 2012
Tracked Since
Feb 18, 2026