CVE-2012-0455
Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13)
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y v5.0 hasta v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 no restringen adecuadamente arrastrar y soltar en javascript: URLs, lo que permite a atacantes remotos asistidos por el usuario realizar ataques de ejecución de secuencias de comandos en sitios cruzados a través de una página web modificada, relacionado con un problema "DragAndDropJacking".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-01-09 CVE Reserved
- 2012-03-14 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (36)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 3.6.27 Search vendor "Mozilla" for product "Firefox" and version " <= 3.6.27" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta10 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta11 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta12 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta3 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta4 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta5 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta6 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta7 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta8 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta9 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0.1 Search vendor "Mozilla" for product "Firefox" and version "4.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 5.0 Search vendor "Mozilla" for product "Firefox" and version "5.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 5.0.1 Search vendor "Mozilla" for product "Firefox" and version "5.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 6.0 Search vendor "Mozilla" for product "Firefox" and version "6.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 6.0.1 Search vendor "Mozilla" for product "Firefox" and version "6.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 6.0.2 Search vendor "Mozilla" for product "Firefox" and version "6.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 7.0 Search vendor "Mozilla" for product "Firefox" and version "7.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 7.0.1 Search vendor "Mozilla" for product "Firefox" and version "7.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 8.0 Search vendor "Mozilla" for product "Firefox" and version "8.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 8.0.1 Search vendor "Mozilla" for product "Firefox" and version "8.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 9.0 Search vendor "Mozilla" for product "Firefox" and version "9.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 9.0.1 Search vendor "Mozilla" for product "Firefox" and version "9.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 10.0 Search vendor "Mozilla" for product "Firefox Esr" and version "10.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 10.1 Search vendor "Mozilla" for product "Firefox Esr" and version "10.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 10.2 Search vendor "Mozilla" for product "Firefox Esr" and version "10.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | <= 3.1.19 Search vendor "Mozilla" for product "Thunderbird" and version " <= 3.1.19" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 5.0 Search vendor "Mozilla" for product "Thunderbird" and version "5.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 6.0 Search vendor "Mozilla" for product "Thunderbird" and version "6.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 6.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "6.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 6.0.2 Search vendor "Mozilla" for product "Thunderbird" and version "6.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 8.0 Search vendor "Mozilla" for product "Thunderbird" and version "8.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 9.0 Search vendor "Mozilla" for product "Thunderbird" and version "9.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 9.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "9.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Esr Search vendor "Mozilla" for product "Thunderbird Esr" | 10.0 Search vendor "Mozilla" for product "Thunderbird Esr" and version "10.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Esr Search vendor "Mozilla" for product "Thunderbird Esr" | 10.0.1 Search vendor "Mozilla" for product "Thunderbird Esr" and version "10.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Esr Search vendor "Mozilla" for product "Thunderbird Esr" | 10.0.2 Search vendor "Mozilla" for product "Thunderbird Esr" and version "10.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | <= 2.7 Search vendor "Mozilla" for product "Seamonkey" and version " <= 2.7" | beta5 |
Affected
| ||||||