CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
71.5%
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR
10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict
drag-and-drop operations on javascript: URLs, which allows user-assisted
remote attackers to conduct cross-site scripting (XSS) attacks via a
crafted web page, related to a “DragAndDropJacking” issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 11.0+build1-0ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 11.0+build1-0ubuntu0.10.10.2 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 11.0+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 11.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 3.1.20+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 11.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | xulrunner-1.9.2 | < 1.9.2.28+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | xulrunner-1.9.2 | < 1.9.2.28+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2012-0455
nvd.nist.gov/vuln/detail/CVE-2012-0455
security-tracker.debian.org/tracker/CVE-2012-0455
ubuntu.com/security/notices/USN-1400-1
ubuntu.com/security/notices/USN-1400-3
ubuntu.com/security/notices/USN-1401-1
ubuntu.com/security/notices/USN-1401-2
www.cve.org/CVERecord?id=CVE-2012-0455