CVE-2012-1966: XSS

First published: Wed Jul 18 2012(Updated: )

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	=4.0
Mozilla Firefox	=4.0-beta1
Mozilla Firefox	=4.0-beta10
Mozilla Firefox	=4.0-beta11
Mozilla Firefox	=4.0-beta12
Mozilla Firefox	=4.0-beta2
Mozilla Firefox	=4.0-beta3
Mozilla Firefox	=4.0-beta4
Mozilla Firefox	=4.0-beta5
Mozilla Firefox	=4.0-beta6
Mozilla Firefox	=4.0-beta7
Mozilla Firefox	=4.0-beta8
Mozilla Firefox	=4.0-beta9
Mozilla Firefox	=4.0.1
Mozilla Firefox	=5.0
Mozilla Firefox	=5.0.1
Mozilla Firefox	=6.0
Mozilla Firefox	=6.0.1
Mozilla Firefox	=6.0.2
Mozilla Firefox	=7.0
Mozilla Firefox	=7.0.1
Mozilla Firefox	=8.0
Mozilla Firefox	=8.0.1
Mozilla Firefox	=9.0
Mozilla Firefox	=9.0.1
Mozilla Firefox	=11.0
Mozilla Firefox	=12.0
Mozilla Firefox	=12.0-beta6
Mozilla Firefox	=13.0
Mozilla Firefox ESR	=10.0
Mozilla Firefox ESR	=10.0.1
Mozilla Firefox ESR	=10.0.2
Mozilla Firefox ESR	=10.0.3
Mozilla Firefox ESR	=10.0.4
Mozilla Firefox ESR	=10.0.5
Mozilla Firefox	=10.0
Mozilla Firefox	=10.0.1
Mozilla Firefox	=10.0.2
Mozilla Firefox	=10.0.3
Mozilla Firefox	=10.0.4
Mozilla Firefox	=10.0.5

Never miss a vulnerability like this again

Reference Links

agent/references
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/last-modified-date
agent/author
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/4.0
version/mozilla firefox/4.0-beta1
version/mozilla firefox/4.0-beta10
version/mozilla firefox/4.0-beta11
version/mozilla firefox/4.0-beta12
version/mozilla firefox/4.0-beta2
version/mozilla firefox/4.0-beta3
version/mozilla firefox/4.0-beta4
version/mozilla firefox/4.0-beta5
version/mozilla firefox/4.0-beta6
version/mozilla firefox/4.0-beta7
version/mozilla firefox/4.0-beta8
version/mozilla firefox/4.0-beta9
version/mozilla firefox/4.0.1
version/mozilla firefox/5.0
version/mozilla firefox/5.0.1
version/mozilla firefox/6.0
version/mozilla firefox/6.0.1
version/mozilla firefox/6.0.2
version/mozilla firefox/7.0
version/mozilla firefox/7.0.1
version/mozilla firefox/8.0
version/mozilla firefox/8.0.1
version/mozilla firefox/9.0
version/mozilla firefox/9.0.1
version/mozilla firefox/11.0
version/mozilla firefox/12.0
version/mozilla firefox/12.0-beta6
version/mozilla firefox/13.0
canonical/mozilla firefox esr
version/mozilla firefox esr/10.0
version/mozilla firefox esr/10.0.1
version/mozilla firefox esr/10.0.2
version/mozilla firefox esr/10.0.3
version/mozilla firefox esr/10.0.4
version/mozilla firefox esr/10.0.5
version/mozilla firefox/10.0
version/mozilla firefox/10.0.1
version/mozilla firefox/10.0.2
version/mozilla firefox/10.0.3
version/mozilla firefox/10.0.4
version/mozilla firefox/10.0.5

CVE-2012-1966: XSS

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact