Home > Vulnerability Database > CVE-2012-4210

Mend.io Vulnerability Database

CVE-2012-4210

Date: November 21, 2012

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

Severity Score

8.1

Related Resources (23)

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=796866

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

Url: http://www.ubuntu.com/usn/USN-1638-3

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833

Url: http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-104.html

Url: https://access.redhat.com/security/cve/CVE-2012-4210

Url: http://www.ubuntu.com/usn/USN-1638-2

Url: http://secunia.com/advisories/51359

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4210

Url: http://www.ubuntu.com/usn/USN-1638-1

Url: http://secunia.com/advisories/51369

Url: http://secunia.com/advisories/51434

Url: http://www.palemoon.org/releasenotes-ng.shtml

Url: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

Url: http://secunia.com/advisories/51439

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4210

Url: http://rhn.redhat.com/errata/RHSA-2012-1482.html

Url: http://www.securityfocus.com/bid/56646

Url: http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/80182

Url: https://www.mend.io/vulnerability-database/CVE-2012-4210

Severity Score

8.1

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4210

Date: November 21, 2012

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?