CVE-2012-5883

Bugzilla 3.7.x-4.0.8, 4.1.x-4.2.3, 4.3.x-4.4rc1 - Cross-Site Scripting via YUI Flash Component

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

References (8)

Core 8
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
Issue Tracking x_refsource_confirm
http://www.bugzilla.org/security/3.6.11/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56385
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80116
Patch, Vendor Advisory x_refsource_confirm
http://yuilibrary.com/support/20121030-vulnerability/

Scores

EPSS 0.0210
EPSS Percentile 79.6%

Details

CWE
CWE-79
Status published
Products (29)
mozilla/bugzilla 3.7
mozilla/bugzilla 3.7.1
mozilla/bugzilla 3.7.2
mozilla/bugzilla 3.7.3
mozilla/bugzilla 4.0 (3 CPE variants)
mozilla/bugzilla 4.0.1
mozilla/bugzilla 4.0.2
mozilla/bugzilla 4.0.3
mozilla/bugzilla 4.0.4
mozilla/bugzilla 4.0.5
... and 19 more
Published Nov 16, 2012
Tracked Since Feb 18, 2026