CVE-2012-4210

Firefox < 17.0 - Remote Code Execution via Style Inspector

Title source: llm
STIX 2.1

Description

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

References (19)

Core 19
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-3
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80182
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56646
Various Sources x_refsource_confirm
http://www.palemoon.org/releasenotes-ng.shtml
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1482.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51434
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51439
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1638-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51359
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51369
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=796866

Scores

EPSS 0.0353
EPSS Percentile 87.9%

Details

CWE
CWE-264
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Nov 21, 2012
Tracked Since Feb 18, 2026