CVE-2012-4210 — Mozilla Firefox vulnerability

CWE-2647 documents5 sources

Severity

9.3CRITICALNVD

EPSS

3.8%

top 11.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 21

Latest updateMay 17

Description

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/firefox16.0.2+161

🔴Vulnerability Details

GHSA

GHSA-vghf-6629-65jw: The Style Inspector in Mozilla Firefox before 17↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2012-12-03

▶

Ubuntu

Firefox vulnerabilities↗2012-11-21

▶

Ubuntu

ubufox update↗2012-11-21

▶

Red Hat

Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)↗2012-11-20

▶

💬Community

Bugzilla

CVE-2012-4210 Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)↗2012-11-17

▶