Vulnerability-Lookup

CVE-2012-1965 (GCVE-0-2012-1965)

Vulnerability from cvelistv5 – Published: 2012-07-18 10:00 – Updated: 2024-08-06 19:17

Summary

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=758990	x_refsource_CONFIRM
	http://secunia.com/advisories/49992	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1027256	vdb-entryx_refsource_SECTRACK
	http://www.mozilla.org/security/announce/2012/mfs…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1088.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1509-2	vendor-advisoryx_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/49979	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/49965	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/84012	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/54579	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1509-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/49972	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:27.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
          },
          {
            "name": "49992",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49992"
          },
          {
            "name": "1027256",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
          },
          {
            "name": "RHSA-2012:1088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
          },
          {
            "name": "USN-1509-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1509-2"
          },
          {
            "name": "oval:org.mitre.oval:def:17001",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
          },
          {
            "name": "49979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49979"
          },
          {
            "name": "SUSE-SU-2012:0895",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
          },
          {
            "name": "49965",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49965"
          },
          {
            "name": "84012",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/84012"
          },
          {
            "name": "54579",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54579"
          },
          {
            "name": "SUSE-SU-2012:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2012:0899",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
          },
          {
            "name": "USN-1509-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1509-1"
          },
          {
            "name": "49972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49972"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
        },
        {
          "name": "49992",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49992"
        },
        {
          "name": "1027256",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
        },
        {
          "name": "RHSA-2012:1088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
        },
        {
          "name": "USN-1509-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1509-2"
        },
        {
          "name": "oval:org.mitre.oval:def:17001",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
        },
        {
          "name": "49979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49979"
        },
        {
          "name": "SUSE-SU-2012:0895",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
        },
        {
          "name": "49965",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49965"
        },
        {
          "name": "84012",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/84012"
        },
        {
          "name": "54579",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54579"
        },
        {
          "name": "SUSE-SU-2012:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2012:0899",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
        },
        {
          "name": "USN-1509-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1509-1"
        },
        {
          "name": "49972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49972"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
            },
            {
              "name": "49992",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49992"
            },
            {
              "name": "1027256",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027256"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
            },
            {
              "name": "RHSA-2012:1088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
            },
            {
              "name": "USN-1509-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1509-2"
            },
            {
              "name": "oval:org.mitre.oval:def:17001",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
            },
            {
              "name": "49979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49979"
            },
            {
              "name": "SUSE-SU-2012:0895",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
            },
            {
              "name": "49965",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49965"
            },
            {
              "name": "84012",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/84012"
            },
            {
              "name": "54579",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54579"
            },
            {
              "name": "SUSE-SU-2012:0896",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2012:0899",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
            },
            {
              "name": "USN-1509-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1509-1"
            },
            {
              "name": "49972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49972"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1965",
    "datePublished": "2012-07-18T10:00:00.000Z",
    "dateReserved": "2012-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:17:27.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2012-1965

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-1965

Aliases

CVE-2012-1965

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-1965",
    "description": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.",
    "id": "GSD-2012-1965",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-1965.html",
      "https://access.redhat.com/errata/RHSA-2012:1088",
      "https://linux.oracle.com/cve/CVE-2012-1965.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-1965"
      ],
      "details": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.",
      "id": "GSD-2012-1965",
      "modified": "2023-12-13T01:20:18.712694Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-1965",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
          },
          {
            "name": "49992",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49992"
          },
          {
            "name": "1027256",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027256"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
          },
          {
            "name": "RHSA-2012:1088",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
          },
          {
            "name": "USN-1509-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1509-2"
          },
          {
            "name": "oval:org.mitre.oval:def:17001",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
          },
          {
            "name": "49979",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49979"
          },
          {
            "name": "SUSE-SU-2012:0895",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
          },
          {
            "name": "49965",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49965"
          },
          {
            "name": "84012",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/84012"
          },
          {
            "name": "54579",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/54579"
          },
          {
            "name": "SUSE-SU-2012:0896",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2012:0899",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
          },
          {
            "name": "USN-1509-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1509-1"
          },
          {
            "name": "49972",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49972"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1965"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
            },
            {
              "name": "openSUSE-SU-2012:0899",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
            },
            {
              "name": "RHSA-2012:1088",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
            },
            {
              "name": "SUSE-SU-2012:0896",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
            },
            {
              "name": "SUSE-SU-2012:0895",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
            },
            {
              "name": "USN-1509-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1509-2"
            },
            {
              "name": "1027256",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027256"
            },
            {
              "name": "49965",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49965"
            },
            {
              "name": "49972",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49972"
            },
            {
              "name": "USN-1509-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1509-1"
            },
            {
              "name": "49992",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49992"
            },
            {
              "name": "oval:org.mitre.oval:def:17001",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
            },
            {
              "name": "54579",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/54579"
            },
            {
              "name": "49979",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49979"
            },
            {
              "name": "84012",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/84012"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-12-29T02:29Z",
      "publishedDate": "2012-07-18T10:26Z"
    }
  }
}

FKIE_CVE-2012-1965

Vulnerability from fkie_nvd - Published: 2012-07-18 10:26 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
cve@mitre.org	http://osvdb.org/84012
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-1088.html
cve@mitre.org	http://secunia.com/advisories/49965
cve@mitre.org	http://secunia.com/advisories/49972
cve@mitre.org	http://secunia.com/advisories/49979
cve@mitre.org	http://secunia.com/advisories/49992
cve@mitre.org	http://www.mozilla.org/security/announce/2012/mfsa2012-55.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/54579
cve@mitre.org	http://www.securitytracker.com/id?1027256
cve@mitre.org	http://www.ubuntu.com/usn/USN-1509-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-1509-2
cve@mitre.org	https://bugzilla.mozilla.org/show_bug.cgi?id=758990
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/84012
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1088.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49965
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49972
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49979
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49992
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2012/mfsa2012-55.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54579
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027256
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1509-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1509-2
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=758990
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001

Impacted products

Vendor	Product	Version
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0
mozilla	firefox	4.0.1
mozilla	firefox	5.0
mozilla	firefox	5.0.1
mozilla	firefox	6.0
mozilla	firefox	6.0.1
mozilla	firefox	6.0.2
mozilla	firefox	7.0
mozilla	firefox	7.0.1
mozilla	firefox	8.0
mozilla	firefox	8.0.1
mozilla	firefox	9.0
mozilla	firefox	9.0.1
mozilla	firefox	11.0
mozilla	firefox	12.0
mozilla	firefox	12.0
mozilla	firefox	13.0
mozilla	firefox	10.0
mozilla	firefox	10.0.1
mozilla	firefox	10.0.2
mozilla	firefox	10.0.3
mozilla	firefox	10.0.4
mozilla	firefox	10.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69962C4-FA56-47F2-82A4-DFF4C19DAF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B7BC1684-3634-4585-B7E6-8C8777E1DA0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "A490D040-EF74-45C2-89ED-D88ADD222712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "6CDA17D1-CD93-401E-860C-7C3291FEEB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "6F72FDE3-54E0-48E4-9015-1B8A36DB1EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "4062C901-3828-415B-A6C3-EDD0E7B20C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "CC0D8730-7034-4AD6-9B05-F8BAFB0145EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "857AFB05-F0C1-4061-9680-9561D68C908F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "EC37EBAF-C979-4ACC-ACA9-BDC2AECCB0D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "80801CD8-EEAF-4BC4-9085-DCCC6CF73076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4C78A-5093-4871-AF69-A8E8FD7E1AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "560AD4C7-89D2-4323-BBCC-A89EEB6832CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "6B389CBC-4F6C-4C17-A87B-A6DD92703A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFBA043-91BC-4FB5-A34D-FCE1A9C65A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8901A808-66F1-4501-AFF6-6FBB22852855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B88D1373-6E41-4EF4-86A0-CE85EA3BF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F42315C-35AF-4EDD-8B78-A9EDB9F85D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62147F86-C2E6-4D55-9C72-F8BB430F2F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE4D1FFD-3AFE-4F52-BCBE-A56609B2D7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2CD349-B9BF-4752-B7B9-665BF718EDB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11A8F675-A91F-4E41-AA2B-5214DF79C69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B6A811-2B5A-484A-9878-C8E2C3E7633C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "456769EF-8961-4038-A7D5-B980147159E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7439C998-E396-4EEC-9C21-E82D27459EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CD246C-1104-4DA1-9BFD-ED0B1FBA7EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEA6800-CBDB-497A-BBBE-1C40E8484A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF604D56-5D81-4276-88A1-AE321929E22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "AB630A94-DA1F-4A7F-891D-E6F242C20271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B038D136-BB5E-4252-B313-A13919195DB2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D4D8C9-5A00-46FE-9E42-CB8C2D66B120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E639BCCB-A6BF-4174-BFAF-9674E65BA404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDFC5947-3C3D-4484-8803-D6629C63B315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A04BF0E2-0A40-4396-A46A-005D103D9E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4C930-6EC1-469D-811C-E85490AB38C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:10.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93271DA-A9E2-459B-832E-162A803DD2E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox v4.x a v13.0 y Firefox ESR v10.x antes de v10.0.6 no establecen debidamente el contexto de seguridad de una URL feed: , lo que permite a atacantes remotos evitar mecanismos de proteccion anti XSS (vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados) a trav\u00e9s de una URL feed:javascript:."
    }
  ],
  "id": "CVE-2012-1965",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-07-18T10:26:49.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/84012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/49965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/49972"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/49979"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/49992"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54579"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027256"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1509-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1509-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/84012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1509-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1509-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2012-AVI-394

Vulnerability from certfr_avis - Published: 2012-07-18 - Updated: 2012-07-18

Quatorze vulnérabilités ont été corrigées dans les produits Mozilla. Elles permettent de falsifier des URL, lire de façon arbitraire des espaces mémoire, écrire de façon arbitraire dans des espaces mémoire, contourner des politiques de sécurité et exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	versions antérieures à Thunderbird 14 ;
Mozilla	Firefox	versions antérieures à Firefox ESR 10.0.6 ;
Mozilla	Firefox	Versions antérieures à Firefox 14 ;
Mozilla	Thunderbird	versions antérieures à Thunderbird ESR 10.0.6 ;
Mozilla	N/A	versions antérieures à SeaMonkey 2.11.

References

Title

Publication Time

GHSA-Q7XW-4WRP-FQF4

Vulnerability from github – Published: 2022-05-14 04:02 – Updated: 2022-05-14 04:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-1965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-07-18T10:26:00Z",
    "severity": "MODERATE"
  },
  "details": "Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.",
  "id": "GHSA-q7xw-4wrp-fqf4",
  "modified": "2022-05-14T04:02:24Z",
  "published": "2022-05-14T04:02:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1965"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758990"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/84012"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49965"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49972"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49979"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49992"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-55.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/54579"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027256"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1509-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1509-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-1965 (GCVE-0-2012-1965)

GSD-2012-1965

FKIE_CVE-2012-1965

CERTA-2012-AVI-394

Solution

GHSA-Q7XW-4WRP-FQF4

Tags

Sightings

Nomenclature