CVE-2012-1966 — Cross-site Scripting in Mozilla Firefox

CWE-264 CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.4%

top 19.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJul 18

Latest updateMay 14

Description

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox22 versions+21

🔴Vulnerability Details

GHSA

GHSA-fgj8-79hw-hmwq: Mozilla Firefox 4↗2022-05-14

▶

📋Vendor Advisories

Ubuntu

ubufox update↗2012-07-18

▶

Ubuntu

Firefox vulnerabilities↗2012-07-17

▶

Red Hat

Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)↗2012-07-17

▶

💬Community

Bugzilla

CVE-2012-1966 Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)↗2012-07-14

▶