Lucene search
Mozilla FoundationMFSA2012-13HistoryMar 13, 2012 - 12:00 a.m.
XSS with Drag and Drop and Javascript: URL — Mozilla
2012-03-1300:00:00
Mozilla Foundation
www.mozilla.org
15
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.6%
Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting (XSS) attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection.
Affected configurations
Node
mozillafirefoxRange<11
ORmozillafirefoxRange<3.6.28
ORmozillafirefox_esrRange<10.0.3
ORmozillaseamonkeyRange<2.8
ORmozillathunderbirdRange<11
ORmozillathunderbirdRange<3.1.20
ORmozillathunderbird_esrRange<10.0.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 11 | |
| firefox | lt | 3.6.28 | |
| firefox esr | lt | 10.0.3 | |
| seamonkey | lt | 2.8 | |
| thunderbird | lt | 11 | |
| thunderbird | lt | 3.1.20 | |
| thunderbird esr | lt | 10.0.3 |
Related
cve
cve
CVE-2012-0455
2012-03-14 19:55:01
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-13) - Linux
2021-11-16 00:00:00
Debian: Security Advisory (DSA-2437-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2437-1 (icedove)
2012-04-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 01:07:54
cvelist
cvelist
CVE-2012-0455
2012-03-14 19:00:00
ubuntucve
ubuntucve
CVE-2012-0455
2012-03-14 00:00:00
prion
prion
Cross site scripting
2012-03-14 19:55:00
nvd
nvd
CVE-2012-0455
2012-03-14 19:55:01
nessus
nessus
Debian DSA-2437-1 : icedove - several vulnerabilities
2012-03-22 00:00:00
Debian DSA-2433-1 : iceweasel - several vulnerabilities
2012-03-16 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)
2012-03-26 00:00:00
debian
debian
[SECURITY] [DSA 2437-1] icedove security update
2012-03-21 18:58:26
[SECURITY] [DSA 2433-1] iceweasel security update
2012-03-15 21:42:10
[SECURITY] [DSA 2548-1] iceape security update
2012-04-24 20:56:27
osv
osv
icedove - several
2012-03-21 00:00:00
iceweasel - several
2012-03-15 00:00:00
iceape - several
2012-05-13 00:00:00
ubuntu
ubuntu
Xulrunner vulnerabilities
2012-03-19 00:00:00
Thunderbird vulnerabilities
2012-03-23 00:00:00
Thunderbird vulnerabilities
2012-03-21 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-29 06:08:20
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
thunderbird security update
2012-03-14 00:00:00
firefox security and bug fix update
2012-03-14 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
redhat
redhat
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.6%
Related for MFSA2012-13