Published: 18/07/2012 Updated: 29/12/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

The drag-and-drop implementation in Mozilla Firefox 4.x up to and including 13.0 and Firefox ESR 10.x prior to 10.0.6 allows remote malicious users to spoof the address bar by canceling a page load.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 8.0
mozilla firefox 8.0.1
mozilla firefox 7.0.1
mozilla firefox 7.0
mozilla firefox 12.0
mozilla firefox 13.0
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 6.0
mozilla firefox 9.0.1
mozilla firefox 9.0
mozilla firefox 4.0.1
mozilla firefox 6.0.2
mozilla firefox 6.0.1
mozilla firefox 11.0
mozilla firefox esr 10.0.1
mozilla firefox esr 10.0.5
mozilla firefox esr 10.0.2
mozilla firefox esr 10.0.3
mozilla firefox esr 10.0.4
mozilla firefox esr 10.0

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulne ...

This update provides compatible ubufox packages for the latest Firefox ...

Several security issues were fixed in Firefox ...

Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client CVE-2012-1948 Multiple unspecified vulnerabilities in the browser engine were fixed CVE-2012-1950 The underlying browser engine allows address bar spoofing through drag-and-drop CVE-2012-1954 A use-after-free vulnerability i ...

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox The included XULRunner library provides rendering services for several other applications included in Debian CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to ...

Mozilla Foundation Security Advisory 2012-43 Incorrect URL displayed in addressbar through drag and drop Announced July 17, 2012 Reporter Mario Gomes, Code Audit Labs Impact Moderate Products Firefox, Firefox ESR Fixed ...

NVD-CWE-Other http://www.mozilla.org/security/announce/2012/mfsa2012-43.html https://bugzilla.mozilla.org/show_bug.cgi?id=724599 https://bugzilla.mozilla.org/show_bug.cgi?id=725611 https://bugzilla.mozilla.org/show_bug.cgi?id=724247 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://rhn.redhat.com/errata/RHSA-2012-1088.html http://www.debian.org/security/2012/dsa-2528 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://www.debian.org/security/2012/dsa-2514 http://www.securitytracker.com/id?1027256 http://www.ubuntu.com/usn/USN-1509-2 http://secunia.com/advisories/49965 http://secunia.com/advisories/49972 http://www.ubuntu.com/usn/USN-1509-1 http://secunia.com/advisories/49992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16970 http://secunia.com/advisories/49979 http://secunia.com/advisories/49964 http://osvdb.org/84008 https://access.redhat.com/errata/RHSA-2012:1088 https://nvd.nist.gov https://usn.ubuntu.com/1509-2/

CVE-2012-1950

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect