CVE-2012-1966

Published: Jul 18, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

49992

third-party-advisory

x_refsource_SECUNIA

DSA-2514

vendor-advisory

x_refsource_DEBIAN

1027256

vdb-entry

x_refsource_SECTRACK

RHSA-2012:1088

vendor-advisory

x_refsource_REDHAT

USN-1509-2

vendor-advisory

x_refsource_UBUNTU

oval:org.mitre.oval:def:17037

vdb-entry

signature

x_refsource_OVAL

49979

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2012:0895

vendor-advisory

x_refsource_SUSE

84009

vdb-entry

x_refsource_OSVDB

http://www.mozilla.org/security/announce/2012/mfsa2012-46.html

x_refsource_CONFIRM

49965

third-party-advisory

x_refsource_SECUNIA

54577

vdb-entry

x_refsource_BID

https://bugzilla.mozilla.org/show_bug.cgi?id=734076

x_refsource_CONFIRM

49964

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2012:0896

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2012:0899

vendor-advisory

x_refsource_SUSE

USN-1509-1

vendor-advisory

x_refsource_UBUNTU

49972

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-1966

Description

Affected Products

References