CVE-2012-1965 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.2%

top 20.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJul 18

Latest updateMay 14

Description

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox22 versions+21

🔴Vulnerability Details

GHSA

GHSA-q7xw-4wrp-fqf4: Mozilla Firefox 4↗2022-05-14

▶

📋Vendor Advisories

Ubuntu

ubufox update↗2012-07-18

▶

Red Hat

Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)↗2012-07-17

▶

Ubuntu

Firefox vulnerabilities↗2012-07-17

▶

💬Community

Bugzilla

CVE-2012-1965 Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)↗2012-07-14

▶