{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-03-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-01-17T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/2012/mfsa2012-16.html"},{"name":"openSUSE-SU-2012:0417","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"},{"name":"48402","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48402"},{"name":"MDVSA-2012:031","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"},{"name":"48624","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48624"},{"name":"SUSE-SU-2012:0424","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"},{"name":"USN-1400-5","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1400-5"},{"name":"52460","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/52460"},{"name":"48414","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48414"},{"name":"48359","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48359"},{"name":"48823","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48823"},{"name":"USN-1401-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1401-1"},{"name":"USN-1400-4","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1400-4"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=723808"},{"name":"48629","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48629"},{"name":"oval:org.mitre.oval:def:15122","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122"},{"name":"USN-1400-3","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1400-3"},{"name":"RHSA-2012:0387","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2012-0387.html"},{"name":"48496","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48496"},{"name":"SUSE-SU-2012:0425","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=718203"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=719994"},{"name":"USN-1400-2","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1400-2"},{"name":"DSA-2458","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2012/dsa-2458"},{"name":"48920","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48920"},{"name":"DSA-2433","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2012/dsa-2433"},{"name":"MDVSA-2012:032","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"},{"name":"1026803","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1026803"},{"name":"48495","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48495"},{"name":"48553","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48553"},{"name":"USN-1400-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1400-1"},{"name":"48561","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48561"},{"name":"RHSA-2012:0388","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2012-0388.html"},{"name":"1026801","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1026801"},{"name":"1026804","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1026804"},{"name":"48513","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/48513"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-0458","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.mozilla.org/security/announce/2012/mfsa2012-16.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2012/mfsa2012-16.html"},{"name":"openSUSE-SU-2012:0417","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"},{"name":"48402","refsource":"SECUNIA","url":"http://secunia.com/advisories/48402"},{"name":"MDVSA-2012:031","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"},{"name":"48624","refsource":"SECUNIA","url":"http://secunia.com/advisories/48624"},{"name":"SUSE-SU-2012:0424","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"},{"name":"USN-1400-5","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1400-5"},{"name":"52460","refsource":"BID","url":"http://www.securityfocus.com/bid/52460"},{"name":"48414","refsource":"SECUNIA","url":"http://secunia.com/advisories/48414"},{"name":"48359","refsource":"SECUNIA","url":"http://secunia.com/advisories/48359"},{"name":"48823","refsource":"SECUNIA","url":"http://secunia.com/advisories/48823"},{"name":"USN-1401-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1401-1"},{"name":"USN-1400-4","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1400-4"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=723808","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=723808"},{"name":"48629","refsource":"SECUNIA","url":"http://secunia.com/advisories/48629"},{"name":"oval:org.mitre.oval:def:15122","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122"},{"name":"USN-1400-3","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1400-3"},{"name":"RHSA-2012:0387","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-0387.html"},{"name":"48496","refsource":"SECUNIA","url":"http://secunia.com/advisories/48496"},{"name":"SUSE-SU-2012:0425","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=718203","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=718203"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=719994","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=719994"},{"name":"USN-1400-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1400-2"},{"name":"DSA-2458","refsource":"DEBIAN","url":"http://www.debian.org/security/2012/dsa-2458"},{"name":"48920","refsource":"SECUNIA","url":"http://secunia.com/advisories/48920"},{"name":"DSA-2433","refsource":"DEBIAN","url":"http://www.debian.org/security/2012/dsa-2433"},{"name":"MDVSA-2012:032","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"},{"name":"1026803","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026803"},{"name":"48495","refsource":"SECUNIA","url":"http://secunia.com/advisories/48495"},{"name":"48553","refsource":"SECUNIA","url":"http://secunia.com/advisories/48553"},{"name":"USN-1400-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1400-1"},{"name":"48561","refsource":"SECUNIA","url":"http://secunia.com/advisories/48561"},{"name":"RHSA-2012:0388","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-0388.html"},{"name":"1026801","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026801"},{"name":"1026804","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026804"},{"name":"48513","refsource":"SECUNIA","url":"http://secunia.com/advisories/48513"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T18:23:31.026Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/2012/mfsa2012-16.html"},{"name":"openSUSE-SU-2012:0417","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"},{"name":"48402","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48402"},{"name":"MDVSA-2012:031","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"},{"name":"48624","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48624"},{"name":"SUSE-SU-2012:0424","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"},{"name":"USN-1400-5","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1400-5"},{"name":"52460","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/52460"},{"name":"48414","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48414"},{"name":"48359","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48359"},{"name":"48823","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48823"},{"name":"USN-1401-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1401-1"},{"name":"USN-1400-4","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1400-4"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=723808"},{"name":"48629","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48629"},{"name":"oval:org.mitre.oval:def:15122","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122"},{"name":"USN-1400-3","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1400-3"},{"name":"RHSA-2012:0387","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2012-0387.html"},{"name":"48496","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48496"},{"name":"SUSE-SU-2012:0425","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=718203"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=719994"},{"name":"USN-1400-2","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1400-2"},{"name":"DSA-2458","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2012/dsa-2458"},{"name":"48920","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48920"},{"name":"DSA-2433","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2012/dsa-2433"},{"name":"MDVSA-2012:032","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"},{"name":"1026803","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1026803"},{"name":"48495","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48495"},{"name":"48553","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48553"},{"name":"USN-1400-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1400-1"},{"name":"48561","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48561"},{"name":"RHSA-2012:0388","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2012-0388.html"},{"name":"1026801","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1026801"},{"name":"1026804","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1026804"},{"name":"48513","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/48513"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2012-0458","datePublished":"2012-03-14T19:00:00.000Z","dateReserved":"2012-01-09T00:00:00.000Z","dateUpdated":"2024-08-06T18:23:31.026Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}