The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1482.html - | |
References | () http://secunia.com/advisories/51359 - | |
References | () http://secunia.com/advisories/51369 - | |
References | () http://secunia.com/advisories/51434 - | |
References | () http://secunia.com/advisories/51439 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:173 - | |
References | () http://www.mozilla.org/security/announce/2012/mfsa2012-104.html - Vendor Advisory | |
References | () http://www.palemoon.org/releasenotes-ng.shtml - | |
References | () http://www.securityfocus.com/bid/56646 - | |
References | () http://www.ubuntu.com/usn/USN-1638-1 - | |
References | () http://www.ubuntu.com/usn/USN-1638-2 - | |
References | () http://www.ubuntu.com/usn/USN-1638-3 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=796866 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/80182 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833 - |
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* |
21 Oct 2024, 13:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:10.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:10.0.9:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:10.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:*:*:*:* |
Information
Published : 2012-11-21 12:55
Updated : 2024-11-21 01:42
NVD link : CVE-2012-4210
Mitre link : CVE-2012-4210
CVE.ORG link : CVE-2012-4210
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-264
Permissions, Privileges, and Access Controls