SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2012-4210

Date: (C)2012-11-21 (M)2024-03-27

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

IAVM:2012-A-0190

SUSE-SU-2012:1592

firefox-style-inspector-priv-esc(80182)

http://www.mozilla.org/security/announce/2012/mfsa2012-104.html

http://www.palemoon.org/releasenotes-ng.shtml

https://bugzilla.mozilla.org/show_bug.cgi?id=796866

openSUSE-SU-2012:1583

openSUSE-SU-2012:1586

openSUSE-SU-2013:0175

oval:org.mitre.oval:def:16833

CPE 182

cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:firefox:7.0.1
...

oval:org.secpod.oval:def:701078
oval:org.secpod.oval:def:701076
oval:org.secpod.oval:def:400476
oval:org.secpod.oval:def:1300142
...

© SecPod Technologies