CVE-2012-1957

Mozilla Firefox < 2.10 - XSS

Title source: rule

Description

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.

References (24)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html

[Third Party Advisory, VDB Entry] http://osvdb.org/84000

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1088.html

[Vendor Advisory] http://www.mozilla.org/security/announce/2012/mfsa2012-47.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1509-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1509-2

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1510-1

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=750096

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54583

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16844

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027256

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027257

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027258

[Third Party Advisory] http://secunia.com/advisories/49965

[Third Party Advisory] http://secunia.com/advisories/49968

[Third Party Advisory] http://secunia.com/advisories/49972

[Third Party Advisory] http://secunia.com/advisories/49977

... and 4 more

Scores

EPSS 0.0100

EPSS Percentile 76.8%

Classification

CWE

CWE-79

Status published

Affected Products (50)

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

... and 35 more

Timeline

Published Jul 18, 2012

Tracked Since Feb 18, 2026