Lucene search

K

PRIOn knowledge basePRION:CVE-2012-4207

HistoryNov 21, 2012 - 12:55 p.m.

Cross site scripting

2012-11-2112:55:00

PRIOn knowledge base

www.prio-n.com

9

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

CPENameOperatorVersion
ubuntu_linuxeq11.10
ubuntu_linuxeq12.10
ubuntu_linuxeq12.04
ubuntu_linuxeq10.04
debian_linuxeq7.0
debian_linuxeq6.0
firefoxlt17.0
firefox_esrge10.0
firefox_esrlt10.0.11
seamonkeylt2.14

Rows per page:

1-10 of 301

References

lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

osvdb.org/87587

rhn.redhat.com/errata/RHSA-2012-1482.html

rhn.redhat.com/errata/RHSA-2012-1483.html

secunia.com/advisories/51359

secunia.com/advisories/51360

secunia.com/advisories/51369

secunia.com/advisories/51370

secunia.com/advisories/51381

secunia.com/advisories/51434

secunia.com/advisories/51439

secunia.com/advisories/51440

www.debian.org/security/2012/dsa-2583

www.debian.org/security/2012/dsa-2584

www.debian.org/security/2012/dsa-2588

www.mandriva.com/security/advisories?name=MDVSA-2012:173

www.mozilla.org/security/announce/2012/mfsa2012-101.html

www.palemoon.org/releasenotes-ng.shtml

www.securityfocus.com/bid/56632

www.ubuntu.com/usn/USN-1636-1

www.ubuntu.com/usn/USN-1638-1

www.ubuntu.com/usn/USN-1638-2

www.ubuntu.com/usn/USN-1638-3

bugzilla.mozilla.org/show_bug.cgi?id=801681

exchange.xforce.ibmcloud.com/vulnerabilities/80179

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16955

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

Related for PRION:CVE-2012-4207

nvd1 mozilla1 openvas56 cve1 cvelist1 ubuntucve1 osv3 debian3 nessus38 centos2 redhat2 veracode11 oraclelinux2 ubuntu4 securityvulns1 suse3 freebsd1 ibm2 gentoo1