• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-104

Mozilla Foundation Security Advisory 2012-104

Title: CSS and HTML injection through Style Inspector
Impact: Critical
Announced: November 20, 2012
Reporter: Mariusz Mlynski
Products: Firefox

Fixed in: Firefox 17.0
  Firefox ESR 10.0.11

Description

Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.

References

• Arbitrary code execution from Style Inspector
• CVE-2012-4210