CVE-2012-0446

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

Date published : 2012-02-01

http://www.securityfocus.com/bid/51752

http://www.mozilla.org/security/announce/2012/mfsa2012-05.html