CVE-2012-1965

2012-07-1810:26:00

CWE-79

[email protected]

web.nvd.nist.gov

mozilla

firefox

security

context

bypass

cve-2012-1965

8.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq4.0
mozilla:firefoxmozilla firefoxeq8.0
mozilla:firefoxmozilla firefoxeq5.0.1
mozilla:firefoxmozilla firefoxeq5.0
mozilla:firefoxmozilla firefoxeq7.0
mozilla:firefoxmozilla firefoxeq6.0.2
mozilla:firefoxmozilla firefoxeq13.0
mozilla:firefoxmozilla firefoxeq12.0
mozilla:firefoxmozilla firefoxeq6.0.1
mozilla:firefoxmozilla firefoxeq11.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:firefox	mozilla firefox	eq	8.0
mozilla:firefox	mozilla firefox	eq	5.0.1
mozilla:firefox	mozilla firefox	eq	5.0
mozilla:firefox	mozilla firefox	eq	7.0
mozilla:firefox	mozilla firefox	eq	6.0.2
mozilla:firefox	mozilla firefox	eq	13.0
mozilla:firefox	mozilla firefox	eq	12.0
mozilla:firefox	mozilla firefox	eq	6.0.1
mozilla:firefox	mozilla firefox	eq	11.0