CVE-2012-5837 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting CWE-94 — Code Injection6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.4%

top 19.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 21

Latest updateMay 17

Description

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox16.0.2+153

🔴Vulnerability Details

GHSA

GHSA-jmrm-6r25-5p6x: The Web Developer Toolbar in Mozilla Firefox before 17↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2012-12-03

▶

Ubuntu

Firefox vulnerabilities↗2012-11-21

▶

Red Hat

Mozilla: Script entered into Developer Toolbar runs with chrome privileges (MFSA 2012-102)↗2012-11-20

▶

💬Community

Bugzilla

CVE-2012-5837 Mozilla: Script entered into Developer Toolbar runs with chrome privileges (MFSA 2012-102)↗2012-11-17

▶