Lucene search
Mozilla FoundationMFSA2012-13HistoryMar 13, 2012 - 12:00 a.m.
XSS with Drag and Drop and Javascript: URL — Mozilla
2012-03-1300:00:00
Mozilla Foundation
www.mozilla.org
32
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
71.5%
Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting (XSS) attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection.
Affected configurations
Node
mozillafirefoxRange<11
ORmozillafirefoxRange<3.6.28
ORmozillafirefox_esrRange<10.0.3
ORmozillaseamonkeyRange<2.8
ORmozillathunderbirdRange<11
ORmozillathunderbirdRange<3.1.20
ORmozillathunderbird_esrRange<10.0.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| mozilla | thunderbird_esr | * | cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-0455
2012-03-14 19:00:00
nvd
nvd
CVE-2012-0455
2012-03-14 19:55:01
ubuntucve
ubuntucve
CVE-2012-0455
2012-03-14 00:00:00
prion
prion
Cross site scripting
2012-03-14 19:55:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 01:07:54
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-13) - Linux
2021-11-16 00:00:00
Debian Security Advisory DSA 2433-1 (iceweasel)
2012-04-30 00:00:00
Debian: Security Advisory (DSA-2437-1)
2012-04-30 00:00:00
cve
cve
CVE-2012-0455
2012-03-14 19:55:01
nessus
nessus
Debian DSA-2437-1 : icedove - several vulnerabilities
2012-03-22 00:00:00
Debian DSA-2433-1 : iceweasel - several vulnerabilities
2012-03-16 00:00:00
Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)
2012-03-15 00:00:00
debian
debian
[SECURITY] [DSA 2437-1] icedove security update
2012-03-21 18:58:26
[SECURITY] [DSA 2433-1] iceweasel security update
2012-03-15 21:42:10
[SECURITY] [DSA 2548-1] iceape security update
2012-04-24 20:56:27
osv
osv
iceweasel - several
2012-03-15 00:00:00
icedove - several
2012-03-21 00:00:00
iceape - several
2012-05-13 00:00:00
ubuntu
ubuntu
Xulrunner vulnerabilities
2012-03-19 00:00:00
Thunderbird vulnerabilities
2012-03-23 00:00:00
Firefox vulnerabilities
2012-03-16 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-29 06:08:20
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
firefox security and bug fix update
2012-03-14 00:00:00
thunderbird security update
2012-03-14 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
redhat
redhat
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
71.5%
Related for MFSA2012-13