CSS Keyframe Denial of Service and Arbitrary Code Execution Vulnerability

CSS Keyframe Denial of Service and Arbitrary Code Execution Vulnerability

CVE-2012-0459 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.