Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-0455

Опубликовано: 13 мар. 2012
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4firefoxWill not fix
Red Hat Enterprise Linux 5firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2012:038814.03.2012
Red Hat Enterprise Linux 6firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2012:038814.03.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=803119Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13)

EPSS

Процентиль: 76%
0.01014
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-0455

ubuntu
больше 13 лет назад

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

nvd логотип

CVE-2012-0455

nvd
больше 13 лет назад

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

debian логотип

CVE-2012-0455

debian
больше 13 лет назад

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x b ...

github логотип

GHSA-v6mh-5q54-hvfp

github
больше 3 лет назад

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

oracle-oval логотип

ELSA-2012-0388

oracle-oval
больше 13 лет назад

ELSA-2012-0388: thunderbird security update (CRITICAL)

EPSS

Процентиль: 76%
0.01014
Низкий

4.3 Medium

CVSS2