CVE-2012-4210 Information
Description
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
Reference
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
http://rhn.redhat.com/errata/RHSA-2012-1482.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51369
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.palemoon.org/releasenotes-ng.shtml
http://www.securityfocus.com/bid/56646
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
https://bugzilla.mozilla.org/show_bug.cgi?id=796866
https://exchange.xforce.ibmcloud.com/vulnerabilities/80182
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16833