Lucene search
Mozilla FoundationMFSA2012-104HistoryNov 20, 2012 - 12:00 a.m.
CSS and HTML injection through Style Inspector — Mozilla
2012-11-2000:00:00
Mozilla Foundation
www.mozilla.org
30
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.015
Percentile
87.1%
Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.
Affected configurations
Node
mozillafirefoxRange<17
ORmozillafirefox_esrRange<10.0.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
Related
openvas
openvas
Mozilla Firefox ESR Code Execution Vulnerabilities (Nov 2012) - Mac OS X
2013-04-01 00:00:00
Mozilla Firefox Code Execution Vulnerabilities (Nov 2012) - Mac OS X
2012-11-26 00:00:00
Mozilla Firefox Security Advisory (MFSA2012-104) - Linux
2021-11-11 00:00:00
nvd
nvd
CVE-2012-4210
2012-11-21 12:55:02
prion
prion
Code injection
2012-11-21 12:55:00
cvelist
cvelist
CVE-2012-4210
2012-11-21 11:00:00
ubuntucve
ubuntucve
CVE-2012-4210
2012-11-21 00:00:00
cve
cve
CVE-2012-4210
2012-11-21 12:55:02
veracode
veracode
Arbitrary Code Execution Or Denial Of Service (DoS)
2019-05-02 04:41:16
Arbitrary Code Execution
2019-05-02 04:41:11
Remote Code Execution (RCE)
2019-05-02 04:41:16
oraclelinux
oraclelinux
firefox security update
2012-11-20 00:00:00
redhat
redhat
(RHSA-2012:1482) Critical: firefox security update
2012-11-20 00:00:00
nessus
nessus
RHEL 5 / 6 : firefox (RHSA-2012:1482)
2012-11-21 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120)
2012-11-23 00:00:00
CentOS 5 / 6 : firefox (CESA-2012:1482)
2012-11-23 00:00:00
centos
centos
firefox, xulrunner security update
2012-11-22 02:03:00
ubuntu
ubuntu
ubufox update
2012-11-21 00:00:00
Firefox vulnerabilities
2012-11-21 00:00:00
Firefox regressions
2012-12-03 00:00:00
suse
suse
security update to Firefox 17.0 and other Mozilla based packages (important)
2013-01-23 14:07:31
Security update for Mozilla Firefox (important)
2012-11-29 01:08:52
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-12-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-11-20 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
osv
osv
MozillaFirefox-50.1.0-1.1 on GA media
2024-06-15 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.015
Percentile
87.1%
Related for MFSA2012-104