Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.
History

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Vendors & Products Mozilla firefox Esr

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-10T17:00:00

Updated: 2024-08-06T20:21:04.216Z

Reserved: 2012-07-11T00:00:00

Link: CVE-2012-3992

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-10-10T17:55:02.003

Modified: 2024-11-21T01:41:59.277

Link: CVE-2012-3992

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-10-09T00:00:00Z

Links: CVE-2012-3992 - Bugzilla