Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
2012-10-10T17:55:02.097
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | firefox | < 10.0.8 | Yes |
| Application | mozilla | thunderbird_esr | < 10.0.8 | Yes |
| Application | mozilla | firefox | < 16.0 | Yes |
| Application | mozilla | thunderbird | < 16.0 | Yes |
| Application | mozilla | seamonkey | < 2.13 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_sdk | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | canonical | ubuntu_linux | 10.04 | Yes |
| Operating System | canonical | ubuntu_linux | 11.04 | Yes |
| Operating System | canonical | ubuntu_linux | 11.10 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 6.3 | Yes |
| Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |