Description
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
References (19)
Core 19
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-3
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80182
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56646
Various Sources x_refsource_confirm
http://www.palemoon.org/releasenotes-ng.shtml
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1482.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51434
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51439
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-1
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51359
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51369
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=796866
Scores
EPSS
0.0353
EPSS Percentile
87.9%
Details
CWE
CWE-264
Status
published
Products (46)
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.3
mozilla/firefox
0.4
mozilla/firefox
0.5
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.7.1
mozilla/firefox
0.8
... and 36 more
Published
Nov 21, 2012
Tracked Since
Feb 18, 2026