CVE-2012-1966

Severity

43%

Complexity

86%

Confidentiality

48%

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Mozilla Firefox

First reported 12 years ago

2012-07-18 10:26:00

Last updated 7 years ago

2017-12-29 02:29:00

Affected Software

Mozilla Firefox 4.0

4.0

Mozilla Firefox 4.0 beta1

4.0

Mozilla Firefox 4.0 beta10

4.0

Mozilla Firefox 4.0 beta11

4.0

Mozilla Firefox 4.0 beta12

4.0

Mozilla Firefox 4.0 beta2

4.0

Mozilla Firefox 4.0 beta3

4.0

Mozilla Firefox 4.0 beta4

4.0

Mozilla Firefox 4.0 beta5

4.0

Mozilla Firefox 4.0 beta6

4.0

Mozilla Firefox 4.0 beta7

4.0

Mozilla Firefox 4.0 beta8

4.0

Mozilla Firefox 4.0 beta9

4.0

Mozilla Firefox 4.0.1

4.0.1

Mozilla Firefox 5.0

5.0

Mozilla Firefox 5.0.1

5.0.1

Mozilla Firefox 6.0

6.0

Mozilla Firefox 6.0.1

6.0.1

Mozilla Firefox 6.0.2

6.0.2

Mozilla Firefox 7.0

7.0

Mozilla Firefox 7.0.1

7.0.1

Mozilla Firefox 8.0

8.0

Mozilla Firefox 8.0.1

8.0.1

Mozilla Firefox 9.0

9.0

Mozilla Firefox 9.0.1

9.0.1

Mozilla Firefox 11.0

11.0

Mozilla Firefox 12.0

12.0

Mozilla Firefox 12.0 beta6

12.0

Mozilla Firefox 13.0

13.0

Mozilla Firefox Extended Support Release (ESR) 10.0

10.0

Mozilla Firefox Extended Support Release (ESR) 10.1

10.0.1

Mozilla Firefox Extended Support Release (ESR) 10.0.2

10.0.2

Mozilla Firefox Extended Support Release (ESR) 10.0.3

10.0.3

Mozilla Firefox Extended Support Release (ESR) 10.0.4

10.0.4

Mozilla Firefox Extended Support Release (ESR) 10.0.5

10.0.5

References

SUSE-SU-2012:0895

SUSE-SU-2012:0896

openSUSE-SU-2012:0899

84009

RHSA-2012:1088

49964

49965

49972

49979

49992

DSA-2514

http://www.mozilla.org/security/announce/2012/mfsa2012-46.html

Vendor Advisory

54577

1027256

USN-1509-1

USN-1509-2

https://bugzilla.mozilla.org/show_bug.cgi?id=734076

oval:org.mitre.oval:def:17037

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.