mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
811 B
811 B
CVE-2012-1966
Description
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
POC
Reference
- http://rhn.redhat.com/errata/RHSA-2012-1088.html
- http://www.ubuntu.com/usn/USN-1509-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=734076
Github
No PoCs found on GitHub currently.