Vulnerability Description
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 16.0.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
- http://rhn.redhat.com/errata/RHSA-2012-1482.html
- http://secunia.com/advisories/51359
- http://secunia.com/advisories/51369
- http://secunia.com/advisories/51434
- http://secunia.com/advisories/51439
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
- http://www.mozilla.org/security/announce/2012/mfsa2012-104.htmlVendor Advisory
- http://www.palemoon.org/releasenotes-ng.shtml
- http://www.securityfocus.com/bid/56646
- http://www.ubuntu.com/usn/USN-1638-1
- http://www.ubuntu.com/usn/USN-1638-2
FAQ
What is CVE-2012-4210?
CVE-2012-4210 is a vulnerability with a CVSS score of 9.3 (HIGH). The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which all...
How severe is CVE-2012-4210?
CVE-2012-4210 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4210?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.