CVE-2012-0458

N/A Unknown
Published: March 14, 2012 Modified: April 29, 2026
View on NVD

Description

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: cve@mitre.org
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: cve@mitre.org
http://secunia.com/advisories/48359
Source: cve@mitre.org
http://secunia.com/advisories/48402
Source: cve@mitre.org
http://secunia.com/advisories/48414
Source: cve@mitre.org
http://secunia.com/advisories/48495
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48496
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48513
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48553
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48561
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48624
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48629
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48823
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48920
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: cve@mitre.org
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/52460
Source: cve@mitre.org
http://www.securitytracker.com/id?1026801
Source: cve@mitre.org
http://www.securitytracker.com/id?1026803
Source: cve@mitre.org
http://www.securitytracker.com/id?1026804
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-1
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-2
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Source: cve@mitre.org
Exploit Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Source: cve@mitre.org
Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Source: cve@mitre.org
Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Source: cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48359
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48402
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48414
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48495
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48496
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48513
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48553
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48561
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48624
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48629
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48823
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48920
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/52460
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026801
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026803
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026804
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

72 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.8%
85th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8