CVE-2012-0455
Priority
Low
Description
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR
10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict
drag-and-drop operations on javascript: URLs, which allows user-assisted
remote attackers to conduct cross-site scripting (XSS) attacks via a
crafted web page, related to a "DragAndDropJacking" issue.
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR
10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict
drag-and-drop operations on javascript: URLs, which allows user-assisted
remote attackers to conduct cross-site scripting (XSS) attacks via a
crafted web page, related to a "DragAndDropJacking" issue.
References
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.1.20+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (11.0+build1-0ubuntu0.11.10.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected |
| Ubuntu 13.04 (Raring Ringtail): | not-affected |
| Ubuntu 13.10 (Saucy Salamander): | not-affected |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (11.0+build1-0ubuntu0.10.04.2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (11.0+build1-0ubuntu0.11.10.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected |
| Ubuntu 13.04 (Raring Ringtail): | not-affected |
| Ubuntu 13.10 (Saucy Salamander): | not-affected |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (1.9.2.28+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |