The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0710.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0715.html - | |
References | () http://secunia.com/advisories/49981 - Permissions Required | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 - | |
References | () http://www.mozilla.org/security/announce/2012/mfsa2012-36.html - Vendor Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=751422 - Issue Tracking | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17005 - |
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* |
21 Oct 2024, 13:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:* |
Information
Published : 2012-06-05 23:55
Updated : 2024-11-21 01:38
NVD link : CVE-2012-1944
Mitre link : CVE-2012-1944
CVE.ORG link : CVE-2012-1944
JSON object : View
Products Affected
mozilla
- thunderbird
- firefox
- thunderbird_esr
- seamonkey
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')