CVE-2012-1950 — Mozilla Firefox vulnerability

6 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

2.8%

top 13.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJul 18

Latest updateMay 14

Description

The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDmozilla/firefox22 versions+21

🔴Vulnerability Details

GHSA

GHSA-wqgg-q2mf-p44h: The drag-and-drop implementation in Mozilla Firefox 4↗2022-05-14

▶

📋Vendor Advisories

Ubuntu

ubufox update↗2012-07-18

▶

Ubuntu

Firefox vulnerabilities↗2012-07-17

▶

Red Hat

Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43)↗2012-07-17

▶

💬Community

Bugzilla

CVE-2012-1950 Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43)↗2012-07-14

▶