The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x up to and including 12.0, Firefox ESR 10.x prior to 10.0.5, Thunderbird 5.0 up to and including 12.0, Thunderbird ESR 10.x prior to 10.0.5, and SeaMonkey prior to 2.10 does not block inline event handlers, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted HTML document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 5.0 |
||
mozilla firefox 8.0 |
||
mozilla firefox 8.0.1 |
||
mozilla firefox 12.0 |
||
mozilla firefox esr 10.0 |
||
mozilla thunderbird 6.0.1 |
||
mozilla thunderbird 6.0.2 |
||
mozilla thunderbird 10.0.3 |
||
mozilla thunderbird 10.0.1 |
||
mozilla thunderbird esr 10.0.3 |
||
mozilla thunderbird esr 10.0.4 |
||
mozilla seamonkey 2.8 |
||
mozilla seamonkey 2.7 |
||
mozilla seamonkey 2.6 |
||
mozilla seamonkey 2.6.1 |
||
mozilla seamonkey 2.4.1 |
||
mozilla seamonkey 2.4 |
||
mozilla seamonkey 2.3 |
||
mozilla seamonkey 2.3.2 |
||
mozilla seamonkey 2.1 |
||
mozilla seamonkey 2.0.7 |
||
mozilla seamonkey 2.0.11 |
||
mozilla seamonkey 2.0.10 |
||
mozilla seamonkey 2.0.14 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 1.1.7 |
||
mozilla seamonkey 1.1.16 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.0.1 |
||
mozilla firefox 4.0.1 |
||
mozilla firefox 6.0.2 |
||
mozilla firefox 6.0.1 |
||
mozilla firefox 10.0.2 |
||
mozilla firefox 10.0 |
||
mozilla firefox 10.0.1 |
||
mozilla firefox esr 10.0.3 |
||
mozilla firefox esr 10.0.4 |
||
mozilla thunderbird 8.0 |
||
mozilla thunderbird 9.0.1 |
||
mozilla thunderbird 11.0 |
||
mozilla thunderbird 12.0 |
||
mozilla firefox 5.0.1 |
||
mozilla firefox 6.0 |
||
mozilla firefox 9.0.1 |
||
mozilla firefox 9.0 |
||
mozilla firefox esr 10.0.1 |
||
mozilla firefox esr 10.0.2 |
||
mozilla thunderbird 7.0.1 |
||
mozilla thunderbird 7.0 |
||
mozilla thunderbird 10.0 |
||
mozilla thunderbird 10.0.4 |
||
mozilla seamonkey |
||
mozilla seamonkey 2.9 |
||
mozilla seamonkey 2.5 |
||
mozilla seamonkey 2.2 |
||
mozilla seamonkey 2.0.9 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.14 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey 1.0.6 |
||
mozilla thunderbird esr 10.0 |
||
mozilla seamonkey 2.7.1 |
||
mozilla seamonkey 2.3.3 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 1.1.19 |
||
mozilla seamonkey 1.1.18 |
||
mozilla seamonkey 1.1.15 |
||
mozilla seamonkey 1.1.11 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.5.0.10 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.0.3 |
||
mozilla firefox 7.0.1 |
||
mozilla firefox 7.0 |
||
mozilla firefox 11.0 |
||
mozilla thunderbird 5.0 |
||
mozilla thunderbird 6.0 |
||
mozilla thunderbird 9.0 |
||
mozilla thunderbird 10.0.2 |
||
mozilla thunderbird esr 10.0.1 |
||
mozilla thunderbird esr 10.0.2 |
||
mozilla seamonkey 2.7.2 |
||
mozilla seamonkey 2.3.1 |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.12 |
||
mozilla seamonkey 2.0.13 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.17 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.9 |
||
mozilla seamonkey 1.1.12 |
||
mozilla seamonkey 1.5.0.8 |
||
mozilla seamonkey 1.5.0.9 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.13 |
||
mozilla seamonkey 1.0.2 |