First published: Wed Sep 24 2008(Updated: )
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <2.0.0.17 | |
Mozilla Firefox | >=3.0<3.0.2 | |
Mozilla SeaMonkey | <1.1.12 | |
Debian Debian Linux | =4.0 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.04 | |
Canonical Ubuntu Linux | =7.10 | |
Canonical Ubuntu Linux | =8.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.