CVE Vulnerabilities

CVE-2012-1966

Published: Jul 18, 2012 | Modified: Dec 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 8.0 8.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 5.0.1 5.0.1
Firefox Mozilla 5.0 5.0
Firefox Mozilla 7.0 7.0
Firefox Mozilla 6.0.2 6.0.2
Firefox Mozilla 4.0 4.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 13.0 13.0
Firefox Mozilla 4.0 4.0
Firefox Mozilla 12.0 12.0
Firefox Mozilla 6.0.1 6.0.1
Firefox Mozilla 4.0 4.0
Firefox Mozilla 11.0 11.0
Firefox Mozilla 6.0 6.0
Firefox Mozilla 7.0.1 7.0.1
Firefox Mozilla 4.0 4.0
Firefox Mozilla 12.0 12.0
Firefox Mozilla 8.0.1 8.0.1
Firefox Mozilla 9.0.1 9.0.1
Firefox Mozilla 4.0 4.0
Firefox Mozilla 9.0 9.0
Firefox Mozilla 4.0.1 4.0.1

References