CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
87.1%
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x
before 10.0.11 does not properly restrict the context of HTML markup and
Cascading Style Sheets (CSS) token sequences, which allows user-assisted
remote attackers to execute arbitrary JavaScript code with chrome
privileges via a crafted stylesheet.
Author | Note |
---|---|
jdstrand | xulrunner-1.9.2 unmaintained upstream (see README.mozilla for details) |
micahg | Firefox only per MFSA |