1. Home
  2. Vulnerabilities
  3. CVE-2012-4207

CVE-2012-4207

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.32 % (71th)
0.32% Progress
Affected Products 15
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2012-11-21 12:55:02
(11 years ago)
Updated Date
2020-08-13 19:20:45
(4 years ago)

Affected Products

Canonical

Debian

Mozilla

Opensuse

Redhat

Suse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 17.0 version cpe:2.3:a:mozilla:firefox < 17.0
  Mozilla Firefox Esr from 10.0 version and prior 10.0.11 version cpe:2.3:a:mozilla:firefox_esr >= 10.0 < 10.0.11
  Mozilla Seamonkey prior 2.14 version cpe:2.3:a:mozilla:seamonkey < 2.14
  Mozilla Thunderbird prior 17.0 version cpe:2.3:a:mozilla:thunderbird < 17.0
  Mozilla Thunderbird Esr from 10.0 version and prior 10.0.11 version cpe:2.3:a:mozilla:thunderbird_esr >= 10.0 < 10.0.11

Configuration #2

    CPE23 From Up To
  Opensuse 11.4 cpe:2.3:o:opensuse:opensuse:11.4
  Opensuse 12.1 cpe:2.3:o:opensuse:opensuse:12.1
  Opensuse 12.2 cpe:2.3:o:opensuse:opensuse:12.2
  Suse Linux Enterprise Desktop 10 SP4 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4
  Suse Linux Enterprise Desktop 11 SP2 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2
  Suse Linux Enterprise Server 10 SP4 cpe:2.3:o:suse:linux_enterprise_server:10:sp4
  Suse Linux Enterprise Server 11 SP2 cpe:2.3:o:suse:linux_enterprise_server:11:sp2
  Suse Linux Enterprise Server 11 SP2 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware
  Suse Linux Enterprise Software Development Kit 10 SP4 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4
  Suse Linux Enterprise Software Development Kit 11 SP2 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2

Configuration #3

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Eus 6.3 cpe:2.3:o:redhat:enterprise_linux_eus:6.3
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #4

    CPE23 From Up To
  Debian Linux 6.0 cpe:2.3:o:debian:debian_linux:6.0
  Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0

Configuration #5

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-
  Canonical Ubuntu Linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm
  Canonical Ubuntu Linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10