Lucene search

K

[email protected]NVD:CVE-2012-1965

HistoryJul 18, 2012 - 10:26 a.m.

CVE-2012-1965

2012-07-1810:26:49

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

Affected configurations

NVD

Node

mozillafirefoxMatch4.0

OR

mozillafirefoxMatch4.0beta1

OR

mozillafirefoxMatch4.0beta10

OR

mozillafirefoxMatch4.0beta11

OR

mozillafirefoxMatch4.0beta12

OR

mozillafirefoxMatch4.0beta2

OR

mozillafirefoxMatch4.0beta3

OR

mozillafirefoxMatch4.0beta4

OR

mozillafirefoxMatch4.0beta5

OR

mozillafirefoxMatch4.0beta6

OR

mozillafirefoxMatch4.0beta7

OR

mozillafirefoxMatch4.0beta8

OR

mozillafirefoxMatch4.0beta9

OR

mozillafirefoxMatch4.0.1

OR

mozillafirefoxMatch5.0

OR

mozillafirefoxMatch5.0.1

OR

mozillafirefoxMatch6.0

OR

mozillafirefoxMatch6.0.1

OR

mozillafirefoxMatch6.0.2

OR

mozillafirefoxMatch7.0

OR

mozillafirefoxMatch7.0.1

OR

mozillafirefoxMatch8.0

OR

mozillafirefoxMatch8.0.1

OR

mozillafirefoxMatch9.0

OR

mozillafirefoxMatch9.0.1

OR

mozillafirefoxMatch11.0

OR

mozillafirefoxMatch12.0

OR

mozillafirefoxMatch12.0beta6

OR

mozillafirefoxMatch13.0

Node

mozillafirefox_esrMatch10.0

OR

mozillafirefox_esrMatch10.0.1

OR

mozillafirefox_esrMatch10.0.2

OR

mozillafirefox_esrMatch10.0.3

OR

mozillafirefox_esrMatch10.0.4

OR

mozillafirefox_esrMatch10.0.5

References

lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html

lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html

osvdb.org/84012

rhn.redhat.com/errata/RHSA-2012-1088.html

secunia.com/advisories/49965

secunia.com/advisories/49972

secunia.com/advisories/49979

secunia.com/advisories/49992

www.mozilla.org/security/announce/2012/mfsa2012-55.html

www.securityfocus.com/bid/54579

www.securitytracker.com/id?1027256

www.ubuntu.com/usn/USN-1509-1

www.ubuntu.com/usn/USN-1509-2

bugzilla.mozilla.org/show_bug.cgi?id=758990

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

Related for NVD:CVE-2012-1965

cve1 cvelist1 ubuntucve1 prion1 openvas28 mozilla1 nessus20 oraclelinux1 veracode16 freebsd1 centos1 redhat1 securityvulns1 ubuntu2 suse4 gentoo1