CVE-2012-1944 (retired)

Priority
Description
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x
through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,
Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not
block inline event handlers, which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks via a crafted HTML document.
Package
Upstream:released (13.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (15.0.1+build1-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (13.0.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (15.0~b1+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:01:34 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)