Mozilla Foundation, MFSA2012-43
Jul 17, 2012 - 12:00 a.m.

Incorrect URL displayed in addressbar through drag and drop — Mozilla

2012-07-17 00:00:00
Mozilla Foundation
www.mozilla.org

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS: 0.026 Low
Percentile: 90.3%

Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously entered site to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users.

CPE Name       Operator   Version
firefox        lt         14
firefox esr    lt         10.0.6
