Upstream information

CVE-2012-0446 at MITRE

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 744275 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP1
  • beagle >= 0.3.8-56.44.45.6
  • beagle-devel >= 0.3.8-56.44.45.6
  • beagle-lang >= 0.3.8-56.44.45.6
sle11-sp1-sdk.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sle11-sp1-sdk.s390x
sles11-sp1.ppc
sles11-sp1-vmware.x86
sles11-sp1.s390x
sled11-sp1.x86-64
sle11-sp1-sdk.x86-64
sled11-sp1.x86-64
sle11-sp1-sdk.ia64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1.x86-64
SAT Patch Nr: 5754
SUSE Linux Enterprise Desktop 11 SP1
  • MozillaFirefox >= 10.0-0.3.2
  • MozillaFirefox-branding-SLED >= 7-0.6.7.7
  • MozillaFirefox-translations >= 10.0-0.3.2
  • beagle >= 0.3.8-56.44.45.6
  • beagle-evolution >= 0.3.8-56.44.45.6
  • beagle-firefox >= 0.3.8-56.44.45.6
  • beagle-gui >= 0.3.8-56.44.45.6
  • beagle-lang >= 0.3.8-56.44.45.6
  • flash-player >= 11.1.102.55-0.13.1
  • mhtml-firefox >= 0.5-1.45.7
  • mozilla-kde4-integration >= 0.6.3-5.6.5
sle11-sp1-sdk.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sle11-sp1-sdk.s390x
sles11-sp1.ppc
sles11-sp1-vmware.x86
sles11-sp1.s390x
sled11-sp1.x86-64
sle11-sp1-sdk.x86-64
sled11-sp1.x86-64
sle11-sp1-sdk.ia64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1.x86-64
SAT Patch Nr: 5754
SUSE Linux Enterprise Server 11 SP1
  • MozillaFirefox >= 10.0-0.3.2
  • MozillaFirefox-branding-SLED >= 7-0.6.7.7
  • MozillaFirefox-translations >= 10.0-0.3.2
  • mozilla-kde4-integration >= 0.6.3-5.6.5
sle11-sp1-sdk.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sle11-sp1-sdk.s390x
sles11-sp1.ppc
sles11-sp1-vmware.x86
sles11-sp1.s390x
sled11-sp1.x86-64
sle11-sp1-sdk.x86-64
sled11-sp1.x86-64
sle11-sp1-sdk.ia64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1.x86-64
SAT Patch Nr: 5754
SUSE Linux Enterprise Server 11 SP1 for VMware
  • MozillaFirefox >= 10.0-0.3.2
  • MozillaFirefox-branding-SLES-for-VMware >= 7-0.4.2.5
  • MozillaFirefox-translations >= 10.0-0.3.2
  • mozilla-kde4-integration >= 0.6.3-5.6.5
sle11-sp1-sdk.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86
sle11-sp1-sdk.s390x
sles11-sp1.ppc
sles11-sp1-vmware.x86
sles11-sp1.s390x
sled11-sp1.x86-64
sle11-sp1-sdk.x86-64
sled11-sp1.x86-64
sle11-sp1-sdk.ia64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1.x86-64
SAT Patch Nr: 5754
openSUSE 11.4
  • MozillaFirefox >= 10.0-0.2.1
  • MozillaFirefox-branding-upstream >= 10.0-0.2.1
  • MozillaFirefox-buildsymbols >= 10.0-0.2.1
  • MozillaFirefox-devel >= 10.0-0.2.1
  • MozillaFirefox-translations-common >= 10.0-0.2.1
  • MozillaFirefox-translations-other >= 10.0-0.2.1
openSUSE 11.4
  • MozillaFirefox >= 12.0-18.1
  • MozillaFirefox-branding-upstream >= 12.0-18.1
  • MozillaFirefox-buildsymbols >= 12.0-18.1
  • MozillaFirefox-debuginfo >= 12.0-18.1
  • MozillaFirefox-debugsource >= 12.0-18.1
  • MozillaFirefox-devel >= 12.0-18.1
  • MozillaFirefox-translations-common >= 12.0-18.1
  • MozillaFirefox-translations-other >= 12.0-18.1
  • MozillaThunderbird >= 12.0-18.1
  • MozillaThunderbird-buildsymbols >= 12.0-18.1
  • MozillaThunderbird-debuginfo >= 12.0-18.1
  • MozillaThunderbird-debugsource >= 12.0-18.1
  • MozillaThunderbird-devel >= 12.0-18.1
  • MozillaThunderbird-translations-common >= 12.0-18.1
  • MozillaThunderbird-translations-other >= 12.0-18.1
  • enigmail >= 1.4.1+12.0-18.1
  • enigmail-debuginfo >= 1.4.1+12.0-18.1
  • seamonkey >= 2.9-18.1
  • seamonkey-debuginfo >= 2.9-18.1
  • seamonkey-debugsource >= 2.9-18.1
  • seamonkey-dom-inspector >= 2.9-18.1
  • seamonkey-irc >= 2.9-18.1
  • seamonkey-translations-common >= 2.9-18.1
  • seamonkey-translations-other >= 2.9-18.1
  • seamonkey-venkman >= 2.9-18.1
Patchnames:
openSUSE-2012-254
openSUSE Evergreen 11.4
  • MozillaFirefox >= 24.8.0-127.1
  • MozillaFirefox-branding-upstream >= 24.8.0-127.1
  • MozillaFirefox-buildsymbols >= 24.8.0-127.1
  • MozillaFirefox-debuginfo >= 24.8.0-127.1
  • MozillaFirefox-debugsource >= 24.8.0-127.1
  • MozillaFirefox-devel >= 24.8.0-127.1
  • MozillaFirefox-translations-common >= 24.8.0-127.1
  • MozillaFirefox-translations-other >= 24.8.0-127.1
  • libfreebl3 >= 3.16.4-94.1
  • libfreebl3-32bit >= 3.16.4-94.1
  • libfreebl3-debuginfo >= 3.16.4-94.1
  • libfreebl3-debuginfo-32bit >= 3.16.4-94.1
  • libfreebl3-debuginfo-x86 >= 3.16.4-94.1
  • libfreebl3-x86 >= 3.16.4-94.1
  • libsoftokn3 >= 3.16.4-94.1
  • libsoftokn3-32bit >= 3.16.4-94.1
  • libsoftokn3-debuginfo >= 3.16.4-94.1
  • libsoftokn3-debuginfo-32bit >= 3.16.4-94.1
  • libsoftokn3-debuginfo-x86 >= 3.16.4-94.1
  • libsoftokn3-x86 >= 3.16.4-94.1
  • mozilla-nss >= 3.16.4-94.1
  • mozilla-nss-32bit >= 3.16.4-94.1
  • mozilla-nss-certs >= 3.16.4-94.1
  • mozilla-nss-certs-32bit >= 3.16.4-94.1
  • mozilla-nss-certs-debuginfo >= 3.16.4-94.1
  • mozilla-nss-certs-debuginfo-32bit >= 3.16.4-94.1
  • mozilla-nss-certs-debuginfo-x86 >= 3.16.4-94.1
  • mozilla-nss-certs-x86 >= 3.16.4-94.1
  • mozilla-nss-debuginfo >= 3.16.4-94.1
  • mozilla-nss-debuginfo-32bit >= 3.16.4-94.1
  • mozilla-nss-debuginfo-x86 >= 3.16.4-94.1
  • mozilla-nss-debugsource >= 3.16.4-94.1
  • mozilla-nss-devel >= 3.16.4-94.1
  • mozilla-nss-sysinit >= 3.16.4-94.1
  • mozilla-nss-sysinit-32bit >= 3.16.4-94.1
  • mozilla-nss-sysinit-debuginfo >= 3.16.4-94.1
  • mozilla-nss-sysinit-debuginfo-32bit >= 3.16.4-94.1
  • mozilla-nss-sysinit-debuginfo-x86 >= 3.16.4-94.1
  • mozilla-nss-sysinit-x86 >= 3.16.4-94.1
  • mozilla-nss-tools >= 3.16.4-94.1
  • mozilla-nss-tools-debuginfo >= 3.16.4-94.1
  • mozilla-nss-x86 >= 3.16.4-94.1
Patchnames:
2014-82