CVE-2012-5851

Name of the Vulnerable Software and Affected Versions WebKit versions prior to the version that fixes the issue in Google Chrome through 22 and Safari 5.1.7

Description The issue makes it easier for remote attackers to bypass a cross-site scripting protection mechanism. This is due to the html/parser/XSSAuditor.cpp in WebCore not considering all possible output contexts of reflected data, allowing attackers to craft a string to exploit this.

Recommendations For WebKit versions prior to the fixed version, consider disabling the XSSAuditor functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.