CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

SUSE CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard 1 drag and 2 paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document...

SUSE CVE-2018-5169

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox 60...

Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation

The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...

RHEL 8 : thunderbird (RHSA-2023:0457)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0457 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...

Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation

The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...

RHEL 7 : firefox (RHSA-2023:0296)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0296 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Code injection

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site...

Mozilla Firefox浏览器强制URL拖放操作权限提升漏洞

CVECAN ID: CVE-2010-0178 Firefox是一款流行的开源WEB浏览器。 浏览器Applet可能错误的将单个鼠标点击动作解释为拖放操作，这可能导致在用户浏览器中非预期的加载资源。攻击者可以连续两次利用这种行为，第一次在用户浏览器中加载特权的chrome: URL，之后在同一文档之上加载恶意的javascript: URL，导致以chrome权限执行任意脚本。 Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0.4 补丁安装方法： 1. 手工安装补丁...