Unrated severity · NVD Advisory · Published Mar 14, 2012 · Updated Jun 16, 2026
CVE-2012-0455
Description
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
Affected products (47)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (+ 29 more)
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* range: <=3.6.27
- cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.2:*:*:*:*:*:*:*
- (no CPE) range: <3.6.28, >=4.0 <=10.0
cpe:2.3:a:mozilla:seamonkey:*:beta5:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:mozilla:seamonkey:*:beta5:*:*:*:*:*:* range: <=2.7
- (no CPE) range: <2.8
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (+ 11 more)
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* range: <=3.1.19
- cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*
- (no CPE) range: <3.1.20, >=5.0 <=10.0
- osv-coords, 3 versions: pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1 (+ 2 more)
- (no CPE) range: < 128.5.1-1.1
- (no CPE) range: < 50.1.0-1.1
- (no CPE) range: < 45.5.1-1.1
References (34)
- lists.opensuse.org/opensuse-updates/2012-03/msg00042.html (nvd; Mailing List, Third Party Advisory)
- secunia.com/advisories/48495 (nvd; Third Party Advisory)
- secunia.com/advisories/48496 (nvd; Third Party Advisory)
- secunia.com/advisories/48513 (nvd; Third Party Advisory)
- secunia.com/advisories/48553 (nvd; Third Party Advisory)
- secunia.com/advisories/48561 (nvd; Third Party Advisory)
- secunia.com/advisories/48624 (nvd; Third Party Advisory)
- secunia.com/advisories/48629 (nvd; Third Party Advisory)
- secunia.com/advisories/48823 (nvd; Third Party Advisory)
- secunia.com/advisories/48920 (nvd; Third Party Advisory)
- www.debian.org/security/2012/dsa-2433 (nvd; Third Party Advisory)
- www.mozilla.org/security/announce/2012/mfsa2012-13.html (nvd; Vendor Advisory)
- www.ubuntu.com/usn/USN-1400-2 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-1400-3 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-1400-4 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-1400-5 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-1401-1 (nvd; Third Party Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd; Issue Tracking, Third Party Advisory)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829 (nvd; Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-0387.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-0388.html (nvd)
- secunia.com/advisories/48359 (nvd)
- secunia.com/advisories/48402 (nvd)
- secunia.com/advisories/48414 (nvd)
- www.debian.org/security/2012/dsa-2458 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/52458 (nvd)
- www.securitytracker.com/id (nvd)
- www.securitytracker.com/id (nvd)
- www.securitytracker.com/id (nvd)
- www.ubuntu.com/usn/USN-1400-1 (nvd)