Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4210

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4210
Last Modified 02 Nov 2013 11:26:52
Published 21 Nov 2012 07:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4210

Summary

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

Vulnerable Systems

Application

  • Mozilla Firefox 0.1

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.2

  • Mozilla Firefox 0.3

  • Mozilla Firefox 0.4

  • Mozilla Firefox 0.5

  • Mozilla Firefox 0.6

  • Mozilla Firefox 0.6.1

  • Mozilla Firefox 0.7

  • Mozilla Firefox 0.7.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.4.1

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 10.0

  • Mozilla Firefox 10.0.1

  • Mozilla Firefox 10.0.2

  • Mozilla Firefox 11.0

  • Mozilla Firefox 12.0

  • Mozilla Firefox 13.0

  • Mozilla Firefox 13.0.1

  • Mozilla Firefox 14.0

  • Mozilla Firefox 14.0.1

  • Mozilla Firefox 15.0

  • Mozilla Firefox 15.0.1

  • Mozilla Firefox 16.0

  • Mozilla Firefox 16.0.1

  • Mozilla Firefox 16.0.2

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.16

  • Mozilla Firefox 2.0.0.17

  • Mozilla Firefox 2.0.0.18

  • Mozilla Firefox 2.0.0.19

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.20

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.10

  • Mozilla Firefox 3.0.11

  • Mozilla Firefox 3.0.12

  • Mozilla Firefox 3.0.13

  • Mozilla Firefox 3.0.14

  • Mozilla Firefox 3.0.15

  • Mozilla Firefox 3.0.16

  • Mozilla Firefox 3.0.17

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0.9

  • Mozilla Firefox 3.5

  • Mozilla Firefox 3.5.1

  • Mozilla Firefox 3.5.10

  • Mozilla Firefox 3.5.11

  • Mozilla Firefox 3.5.12

  • Mozilla Firefox 3.5.13

  • Mozilla Firefox 3.5.14

  • Mozilla Firefox 3.5.15

  • Mozilla Firefox 3.5.2

  • Mozilla Firefox 3.5.3

  • Mozilla Firefox 3.5.4

  • Mozilla Firefox 3.5.5

  • Mozilla Firefox 3.5.6

  • Mozilla Firefox 3.5.7

  • Mozilla Firefox 3.5.8

  • Mozilla Firefox 3.5.9

  • Mozilla Firefox 3.6

  • Mozilla Firefox 3.6.10

  • Mozilla Firefox 3.6.11

  • Mozilla Firefox 3.6.12

  • Mozilla Firefox 3.6.13

  • Mozilla Firefox 3.6.14

  • Mozilla Firefox 3.6.15

  • Mozilla Firefox 3.6.16

  • Mozilla Firefox 3.6.17

  • Mozilla Firefox 3.6.18

  • Mozilla Firefox 3.6.19

  • Mozilla Firefox 3.6.2

  • Mozilla Firefox 3.6.20

  • Mozilla Firefox 3.6.21

  • Mozilla Firefox 3.6.22

  • Mozilla Firefox 3.6.23

  • Mozilla Firefox 3.6.24

  • Mozilla Firefox 3.6.25

  • Mozilla Firefox 3.6.3

  • Mozilla Firefox 3.6.4

  • Mozilla Firefox 3.6.6

  • Mozilla Firefox 3.6.7

  • Mozilla Firefox 3.6.8

  • Mozilla Firefox 3.6.9

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Firefox Esr 10.0

  • Mozilla Firefox Esr 10.0.1

  • Mozilla Firefox Esr 10.0.10

  • Mozilla Firefox Esr 10.0.2

  • Mozilla Firefox Esr 10.0.3

  • Mozilla Firefox Esr 10.0.4

  • Mozilla Firefox Esr 10.0.5

  • Mozilla Firefox Esr 10.0.6

  • Mozilla Firefox Esr 10.0.7

  • Mozilla Firefox Esr 10.0.8

  • Mozilla Firefox Esr 10.0.9


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=796866

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-104.html

UBUNTU - USN-1638-1

SUSE - openSUSE-SU-2012:1586

SUSE - openSUSE-SU-2012:1583

UBUNTU - USN-1638-3

UBUNTU - USN-1638-2

REDHAT - RHSA-2012:1482

SUSE - SUSE-SU-2012:1592

CONFIRM - http://www.palemoon.org/releasenotes-ng.shtml

SUSE - openSUSE-SU-2013:0175

XF - firefox-style-inspector-priv-esc(80182)

BID - 56646

SECUNIA - 51439

SECUNIA - 51434

SECUNIA - 51369

SECUNIA - 51359

MANDRIVA - MDVSA-2012:173

Related Patches

Red Hat 2012:1482-01 RHSA Critical: firefox security update for RHEL 5 x86

Novell SUSE 2012:7093 firefox-20121121 security update for SLE 11 SP2 i586

Novell SUSE 2012:7093 firefox-20121121 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8381 firefox-20121121 security update for SLE 10 SP4 i586

Novell SUSE 2012:8381 firefox-20121121 security update for SLE 10 SP4 x86_64

Mozilla Firefox ESR 10.0.11 for Mac OS X (Update) (See Note)

Mozilla Firefox (en-us) 17.0 for Windows (Update) (See Notes)

Mozilla Firefox 17.0 for Mac OS X (Update) (See Note) (Rev 2)

Mozilla Firefox ESR (en-us) 10.0.11 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 11:01:28