PT-2012-2576 · Mozilla+3 · Firefox+7
Soroush Dalili
·
Publicado
2012-03-13
·
Atualizado
2024-12-12
·
CVE-2012-0455
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 4.x through 10.0
Mozilla Firefox version 3.6.28 and earlier
Firefox ESR versions 10.x through 10.0.2
Thunderbird versions 5.0 through 10.0
Thunderbird version 3.1.20 and earlier
Thunderbird ESR versions 10.x through 10.0.2
SeaMonkey version 2.8 and earlier
Description
The issue allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue, due to improper restriction of drag-and-drop operations on javascript: URLs.
Recommendations
For Mozilla Firefox versions 4.x through 10.0, update to a version after 10.0.
For Mozilla Firefox version 3.6.28 and earlier, update to a version after 3.6.28.
For Firefox ESR versions 10.x through 10.0.2, update to version 10.0.3 or later.
For Thunderbird versions 5.0 through 10.0, update to a version after 10.0.
For Thunderbird version 3.1.20 and earlier, update to a version after 3.1.20.
For Thunderbird ESR versions 10.x through 10.0.2, update to version 10.0.3 or later.
For SeaMonkey version 2.8 and earlier, update to a version after 2.8.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Firefox Esr
Firefox
Red Hat
Seamonkey
Suse
Thunderbird
Thunderbird Esr