New Search

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

oval:org.mitre.oval:def:16833

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows 2000
  • Microsoft Windows 7
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
Class:
vulnerability
Reference(s):
  • CVE-2012-4210
Product(s):
  • Mozilla Firefox
  • Mozilla Firefox ESR