{
  "threat_severity" : "Critical",
  "public_date" : "2012-11-20T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)",
    "id" : "877633",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=877633"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet." ],
  "acknowledgement" : "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-11-20T00:00:00Z",
    "advisory" : "RHSA-2012:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:10.0.11-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-11-20T00:00:00Z",
    "advisory" : "RHSA-2012:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:10.0.11-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-11-20T00:00:00Z",
    "advisory" : "RHSA-2012:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:10.0.11-1.el6_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-11-20T00:00:00Z",
    "advisory" : "RHSA-2012:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xulrunner-0:10.0.11-1.el6_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-4210\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4210\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-104.html" ],
  "name" : "CVE-2012-4210",
  "csaw" : false
}