4.3

CVE-2012-1965

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version4.0
MozillaFirefox Version4.0 Updatebeta1
MozillaFirefox Version4.0 Updatebeta10
MozillaFirefox Version4.0 Updatebeta11
MozillaFirefox Version4.0 Updatebeta12
MozillaFirefox Version4.0 Updatebeta2
MozillaFirefox Version4.0 Updatebeta3
MozillaFirefox Version4.0 Updatebeta4
MozillaFirefox Version4.0 Updatebeta5
MozillaFirefox Version4.0 Updatebeta6
MozillaFirefox Version4.0 Updatebeta7
MozillaFirefox Version4.0 Updatebeta8
MozillaFirefox Version4.0 Updatebeta9
MozillaFirefox Version4.0.1
MozillaFirefox Version5.0
MozillaFirefox Version5.0.1
MozillaFirefox Version6.0
MozillaFirefox Version6.0.1
MozillaFirefox Version6.0.2
MozillaFirefox Version7.0
MozillaFirefox Version7.0.1
MozillaFirefox Version8.0
MozillaFirefox Version8.0.1
MozillaFirefox Version9.0
MozillaFirefox Version9.0.1
MozillaFirefox Version11.0
MozillaFirefox Version12.0
MozillaFirefox Version12.0 Updatebeta6
MozillaFirefox Version13.0
MozillaFirefox Version10.0
MozillaFirefox Version10.0.1
MozillaFirefox Version10.0.2
MozillaFirefox Version10.0.3
MozillaFirefox Version10.0.4
MozillaFirefox Version10.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.22% 0.782
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.