CVE-2012-4203

Published: 21/11/2012 Updated: 19/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The New Tab page in Mozilla Firefox prior to 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote malicious users to run arbitrary programs by leveraging a javascript: URL in a bookmark.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 13.0.1
mozilla firefox 14.0.1
mozilla firefox 0.1
mozilla firefox 4.0
mozilla firefox 3.6.2
mozilla firefox 0.8
mozilla firefox 2.0.0.12
mozilla firefox 1.5
mozilla firefox 3.0.17
mozilla firefox 3.5.3
mozilla firefox 3.0.7
mozilla firefox 1.5.2
mozilla firefox 15.0.1
mozilla firefox 8.0
mozilla firefox 3.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.8
mozilla firefox 3.6.3
mozilla firefox 2.0.0.2
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.3
mozilla firefox 3.5.6
mozilla firefox 3.0.8
mozilla firefox 1.5.0.11
mozilla firefox 1.4.1
mozilla firefox 1.5.4
mozilla firefox 10.0
mozilla firefox 1.0.2
mozilla firefox 3.5
mozilla firefox 3.5.5
mozilla firefox 3.0.4
mozilla firefox 3.5.9
mozilla firefox 3.5.4
mozilla firefox 3.5.7
mozilla firefox 3.0.5
mozilla firefox 3.5.11
mozilla firefox 0.9.1
mozilla firefox 3.5.14
mozilla firefox 3.6.25
mozilla firefox 1.0.4
mozilla firefox 3.6.15
mozilla firefox 2.0.0.7
mozilla firefox 1.0.7
mozilla firefox 3.5.10
mozilla firefox 3.5.1
mozilla firefox 2.0.0.9
mozilla firefox 0.10.1
mozilla firefox 5.0.1
mozilla firefox 5.0
mozilla firefox 7.0
mozilla firefox 3.0.14
mozilla firefox 3.5.2
mozilla firefox 0.9
mozilla firefox 3.6.17
mozilla firefox 2.0.0.16
mozilla firefox 3.6.11
mozilla firefox 1.5.6
mozilla firefox 2.0.0.17
mozilla firefox 6.0.2
mozilla firefox 3.6.8
mozilla firefox 0.7
mozilla firefox 2.0.0.15
mozilla firefox 3.0.10
mozilla firefox 0.2
mozilla firefox 13.0
mozilla firefox 0.3
mozilla firefox 12.0
mozilla firefox 3.6.9
mozilla firefox 3.6.24
mozilla firefox 6.0.1
mozilla firefox 3.6.14
mozilla firefox 10.0.2
mozilla firefox 3.0.12
mozilla firefox 1.0
mozilla firefox 3.0.3
mozilla firefox 1.5.0.7
mozilla firefox 3.6.12
mozilla firefox 2.0
mozilla firefox 1.0.1
mozilla firefox 10.0.1
mozilla firefox 3.6.23
mozilla firefox 2.0.0.14
mozilla firefox 0.6
mozilla firefox 0.7.1
mozilla firefox 3.0.6
mozilla firefox 3.0.15
mozilla firefox 1.5.0.8
mozilla firefox 2.0.0.3
mozilla firefox 3.5.12
mozilla firefox 1.5.0.9
mozilla firefox 3.6.6
mozilla firefox 1.5.0.5
mozilla firefox 1.5.7
mozilla firefox 16.0
mozilla firefox 1.5.0.12
mozilla firefox 2.0.0.6
mozilla firefox 3.0
mozilla firefox 3.6.21
mozilla firefox 15.0
mozilla firefox 2.0.0.11
mozilla firefox 1.5.0.2
mozilla firefox 3.6.16
mozilla firefox 1.0.3
mozilla firefox 3.0.1
mozilla firefox 2.0.0.4
mozilla firefox 0.5
mozilla firefox 0.6.1
mozilla firefox 1.5.1
mozilla firefox 3.6.10
mozilla firefox 0.9.3
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.18
mozilla firefox 3.6.19
mozilla firefox 11.0
mozilla firefox 3.5.13
mozilla firefox 2.0.0.1
mozilla firefox 3.0.2
mozilla firefox 6.0
mozilla firefox 3.5.8
mozilla firefox 3.6.7
mozilla firefox 1.5.5
mozilla firefox 0.9.2
mozilla firefox 3.6.4
mozilla firefox 3.6.18
mozilla firefox 16.0.1
mozilla firefox
mozilla firefox 3.5.15
mozilla firefox 3.6.20
mozilla firefox 3.6
mozilla firefox 2.0.0.20
mozilla firefox 7.0.1
mozilla firefox 14.0
mozilla firefox 2.0.0.8
mozilla firefox 3.6.22
mozilla firefox 2.0.0.19
mozilla firefox 1.5.8
mozilla firefox 3.6.13
mozilla firefox 1.5.3
mozilla firefox 8.0.1
mozilla firefox 0.4
mozilla firefox 9.0.1
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.1
mozilla firefox 3.0.13
mozilla firefox 0.10
mozilla firefox 1.0.5
mozilla firefox 2.0.0.5
mozilla firefox 9.0
mozilla firefox 2.0.0.10
mozilla firefox 1.0.6
mozilla firefox 3.0.16
mozilla firefox 1.0.8
mozilla firefox 4.0.1
mozilla firefox 3.0.11

This update provides compatible ubufox packages for the latest Firefox ...

Regressions were introduced in the last Firefox update ...

Several security issues were fixed in Firefox ...

Mozilla Foundation Security Advisory 2012-95 Javascript: URLs run in privileged context on New Tab page Announced November 20, 2012 Reporter kakzzng@gmailcom Impact Moderate Products Firefox Fixed in ...

CWE-264 http://www.mozilla.org/security/announce/2012/mfsa2012-95.html https://bugzilla.mozilla.org/show_bug.cgi?id=765628 http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://www.ubuntu.com/usn/USN-1638-1 http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://www.ubuntu.com/usn/USN-1638-3 http://www.ubuntu.com/usn/USN-1638-2 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://www.securityfocus.com/bid/56623 http://secunia.com/advisories/51434 http://secunia.com/advisories/51439 http://secunia.com/advisories/51369 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16503 https://nvd.nist.gov https://usn.ubuntu.com/1638-2/

Get Started

CVE-2012-4203

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect