CVE-2012-4194
Mozilla Firefox < 16.0.2 - XSS
Title source: ruleDescription
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
References (18)
Scores
EPSS
0.0136
EPSS Percentile
80.0%
Details
CWE
CWE-79
Status
published
Products (27)
mozilla/firefox
< 16.0.2
mozilla/seamonkey
< 2.13.2
mozilla/thunderbird
< 16.0.2
mozilla/thunderbird_esr
< 10.0.10
opensuse/opensuse
opensuse/opensuse
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
... and 17 more
Published
Oct 29, 2012
Tracked Since
Feb 18, 2026