PT-2012-5253 · Mozilla+3 · Firefox+4

Mariusz Mlynski

Published

2012-11-20

Updated

2024-12-12

CVE-2012-4210

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 17.0 Mozilla Firefox ESR versions prior to 10.0.11

Description The issue allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet, due to the improper restriction of the context of HTML markup and Cascading Style Sheets (CSS) token sequences by the Style Inspector.

Recommendations For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Mozilla Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2012_1482

CVE-2012-4210

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

RHSA-2012:1482

RHSA-2012_1482

Affected Products

Centos

Firefox

Firefox Esr

Red Hat

Suse

PT-2012-5253 · Mozilla+3 · Firefox+4

CVE-2012-4210

Weakness Enumeration

Related Identifiers

Affected Products

References · 2125