CVE-2012-0455

N/A Unknown
Published: March 14, 2012 Modified: April 29, 2026
View on NVD

Description

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: cve@mitre.org
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: cve@mitre.org
http://secunia.com/advisories/48359
Source: cve@mitre.org
http://secunia.com/advisories/48402
Source: cve@mitre.org
http://secunia.com/advisories/48414
Source: cve@mitre.org
http://secunia.com/advisories/48495
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48496
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48513
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48553
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48561
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48624
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48629
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48823
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48920
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: cve@mitre.org
http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/52458
Source: cve@mitre.org
http://www.securitytracker.com/id?1026801
Source: cve@mitre.org
http://www.securitytracker.com/id?1026803
Source: cve@mitre.org
http://www.securitytracker.com/id?1026804
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-1
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-2
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=704354
Source: cve@mitre.org
Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829
Source: cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48359
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48402
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48414
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48495
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48496
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48513
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48553
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48561
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48624
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48629
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48823
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48920
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/52458
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026801
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026803
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026804
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=704354
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

68 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.8%
75th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8