CVE-2012-5851

NameCVE-2012-5851
Descriptionhtml/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1vulnerable
stretch69.0.3497.92-1~deb9u1vulnerable
stretch (security)70.0.3538.67-1~deb9u1vulnerable
buster70.0.3538.67-2vulnerable
sid70.0.3538.102-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(unfixed)unimportant
webkitsource(unstable)(unfixed)unimportant

Notes

https://bugs.webkit.org/show_bug.cgi?id=92692
Incomplete mitigation feature, not a security vulnerability per se

Search for package or bug name: Reporting problems