CVE-2012-1966: XSS
First published: Wed Jul 18 2012(Updated: )
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =4.0 | |
| Firefox | =4.0-beta1 | |
| Firefox | =4.0-beta10 | |
| Firefox | =4.0-beta11 | |
| Firefox | =4.0-beta12 | |
| Firefox | =4.0-beta2 | |
| Firefox | =4.0-beta3 | |
| Firefox | =4.0-beta4 | |
| Firefox | =4.0-beta5 | |
| Firefox | =4.0-beta6 | |
| Firefox | =4.0-beta7 | |
| Firefox | =4.0-beta8 | |
| Firefox | =4.0-beta9 | |
| Firefox | =4.0.1 | |
| Firefox | =5.0 | |
| Firefox | =5.0.1 | |
| Firefox | =6.0 | |
| Firefox | =6.0.1 | |
| Firefox | =6.0.2 | |
| Firefox | =7.0 | |
| Firefox | =7.0.1 | |
| Firefox | =8.0 | |
| Firefox | =8.0.1 | |
| Firefox | =9.0 | |
| Firefox | =9.0.1 | |
| Firefox | =11.0 | |
| Firefox | =12.0 | |
| Firefox | =12.0-beta6 | |
| Firefox | =13.0 | |
| Firefox | =10.0 | |
| Firefox | =10.0.1 | |
| Firefox | =10.0.2 | |
| Firefox | =10.0.3 | |
| Firefox | =10.0.4 | |
| Firefox | =10.0.5 | |
| Firefox ESR | =10.0 | |
| Firefox ESR | =10.0.1 | |
| Firefox ESR | =10.0.2 | |
| Firefox ESR | =10.0.3 | |
| Firefox ESR | =10.0.4 | |
| Firefox ESR | =10.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
- http://osvdb.org/84009
- http://rhn.redhat.com/errata/RHSA-2012-1088.html
- http://secunia.com/advisories/49964
- http://secunia.com/advisories/49965
- http://secunia.com/advisories/49972
- http://secunia.com/advisories/49979
- http://secunia.com/advisories/49992
- http://www.debian.org/security/2012/dsa-2514
- http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
- http://www.securityfocus.com/bid/54577
- http://www.securitytracker.com/id?1027256
- http://www.ubuntu.com/usn/USN-1509-1
- http://www.ubuntu.com/usn/USN-1509-2
- https://bugzilla.mozilla.org/show_bug.cgi?id=734076
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17037
Frequently Asked Questions
What is the severity of CVE-2012-1966?
CVE-2012-1966 has a moderate severity rating as it allows for cross-site scripting (XSS) attacks.
How do I fix CVE-2012-1966?
To fix CVE-2012-1966, update Mozilla Firefox to version 13.0 or later, or apply any available patches for affected versions.
What versions of Firefox are affected by CVE-2012-1966?
CVE-2012-1966 affects Mozilla Firefox versions 4.x through 13.0 and Firefox ESR 10.x before 10.0.6.
What is the impact of CVE-2012-1966?
The impact of CVE-2012-1966 allows remote attackers to execute arbitrary JavaScript code via crafted data URLs, leading to potential security breaches.
Can CVE-2012-1966 exploit my web applications?
Yes, CVE-2012-1966 can be exploited to conduct XSS attacks on web applications that allow the use of manipulated data URLs.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/4.0
- version/firefox/4.0-beta1
- version/firefox/4.0-beta10
- version/firefox/4.0-beta11
- version/firefox/4.0-beta12
- version/firefox/4.0-beta2
- version/firefox/4.0-beta3
- version/firefox/4.0-beta4
- version/firefox/4.0-beta5
- version/firefox/4.0-beta6
- version/firefox/4.0-beta7
- version/firefox/4.0-beta8
- version/firefox/4.0-beta9
- version/firefox/4.0.1
- version/firefox/5.0
- version/firefox/5.0.1
- version/firefox/6.0
- version/firefox/6.0.1
- version/firefox/6.0.2
- version/firefox/7.0
- version/firefox/7.0.1
- version/firefox/8.0
- version/firefox/8.0.1
- version/firefox/9.0
- version/firefox/9.0.1
- version/firefox/11.0
- version/firefox/12.0
- version/firefox/12.0-beta6
- version/firefox/13.0
- version/firefox/10.0
- version/firefox/10.0.1
- version/firefox/10.0.2
- version/firefox/10.0.3
- version/firefox/10.0.4
- version/firefox/10.0.5
- canonical/firefox esr
- version/firefox esr/10.0
- version/firefox esr/10.0.1
- version/firefox esr/10.0.2
- version/firefox esr/10.0.3
- version/firefox esr/10.0.4
- version/firefox esr/10.0.5