CVE-2012-4207
CVE-2012-4207
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlhttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlhttp://osvdb.org/87587http://rhn.redhat.com/errata/RHSA-2012-1482.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=801681http://secunia.com/advisories/51359http://secunia.com/advisories/51360http://secunia.com/advisories/51369