CVE-2012-0455

Priority
Low
Description
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before
10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR
10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict
drag-and-drop operations on javascript: URLs, which allows user-assisted
remote attackers to conduct cross-site scripting (XSS) attacks via a
crafted web page, related to a "DragAndDropJacking" issue.
References
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:23 UTC (commit 9756)