Lucene search

[email protected]CVE-2012-0455

HistoryMar 14, 2012 - 7:55 p.m.

CVE-2012-0455

2012-03-1419:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-0455

mozilla firefox

thunderbird

seamonkey

xss

draganddropjacking

cross-site scripting

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a “DragAndDropJacking” issue.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.6.27

Node

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

Node

mozillafirefox_esrMatch10.0

mozillafirefox_esrMatch10.1

mozillafirefox_esrMatch10.2

Node

mozillathunderbirdRange≤3.1.19

Node

mozillathunderbirdMatch5.0

mozillathunderbirdMatch6.0

mozillathunderbirdMatch6.0.1

mozillathunderbirdMatch6.0.2

mozillathunderbirdMatch8.0

mozillathunderbirdMatch9.0

mozillathunderbirdMatch9.0.1

Node

mozillathunderbird_esrMatch10.0

mozillathunderbird_esrMatch10.0.1

mozillathunderbird_esrMatch10.0.2

Node

mozillaseamonkeyRange≤2.7beta5

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle3.6.27

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	3.6.27

References

lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html

lists.opensuse.org/opensuse-updates/2012-03/msg00042.html

rhn.redhat.com/errata/RHSA-2012-0387.html

rhn.redhat.com/errata/RHSA-2012-0388.html

secunia.com/advisories/48359

secunia.com/advisories/48402

secunia.com/advisories/48414

secunia.com/advisories/48495

secunia.com/advisories/48496

secunia.com/advisories/48513

secunia.com/advisories/48553

secunia.com/advisories/48561

secunia.com/advisories/48624

secunia.com/advisories/48629

secunia.com/advisories/48823

secunia.com/advisories/48920

www.debian.org/security/2012/dsa-2433

www.debian.org/security/2012/dsa-2458

www.mandriva.com/security/advisories?name=MDVSA-2012:031

www.mandriva.com/security/advisories?name=MDVSA-2012:032

www.mozilla.org/security/announce/2012/mfsa2012-13.html

www.securityfocus.com/bid/52458

www.securitytracker.com/id?1026801

www.securitytracker.com/id?1026803

www.securitytracker.com/id?1026804

www.ubuntu.com/usn/USN-1400-1

www.ubuntu.com/usn/USN-1400-2

www.ubuntu.com/usn/USN-1400-3

www.ubuntu.com/usn/USN-1400-4

www.ubuntu.com/usn/USN-1400-5

www.ubuntu.com/usn/USN-1401-1

bugzilla.mozilla.org/show_bug.cgi?id=704354

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2012-0455

cvelist1 mozilla1 veracode1 ubuntucve1 prion1 nvd1 openvas49 nessus46 osv3 debian3 ubuntu7 suse3 redhat2 centos2 oraclelinux2 freebsd1 securityvulns1 gentoo1