Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-h3nn-6nww-fubf
Vulnerability ID VCID-h3nn-6nww-fubf
Aliases CVE-2012-1963
Summary Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the "report-uri" location include sensitive data within the "blocked-uri" parameter. These include fragment components and query strings even if the "blocked-uri" parameter has a different origin than the protected resource. This can be used to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by malicious sites.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01487 https://api.first.org/data/v1/epss?cve=CVE-2012-1963
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2012-53
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1963
840220 https://bugzilla.redhat.com/show_bug.cgi?id=840220
CVE-2012-1963 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-53 https://www.mozilla.org/en-US/security/advisories/mfsa2012-53
RHSA-2012:1088 https://access.redhat.com/errata/RHSA-2012:1088
RHSA-2012:1089 https://access.redhat.com/errata/RHSA-2012:1089
USN-1509-1 https://usn.ubuntu.com/1509-1/
USN-1510-1 https://usn.ubuntu.com/1510-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.81339
EPSS Score 0.01487
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:28.318982+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-53.md 38.6.0