CVE-2012-1950
First published: Wed Jul 18 2012(Updated: )
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =4.0 | |
| Firefox | =4.0-beta1 | |
| Firefox | =4.0-beta10 | |
| Firefox | =4.0-beta11 | |
| Firefox | =4.0-beta12 | |
| Firefox | =4.0-beta2 | |
| Firefox | =4.0-beta3 | |
| Firefox | =4.0-beta4 | |
| Firefox | =4.0-beta5 | |
| Firefox | =4.0-beta6 | |
| Firefox | =4.0-beta7 | |
| Firefox | =4.0-beta8 | |
| Firefox | =4.0-beta9 | |
| Firefox | =4.0.1 | |
| Firefox | =5.0 | |
| Firefox | =5.0.1 | |
| Firefox | =6.0 | |
| Firefox | =6.0.1 | |
| Firefox | =6.0.2 | |
| Firefox | =7.0 | |
| Firefox | =7.0.1 | |
| Firefox | =8.0 | |
| Firefox | =8.0.1 | |
| Firefox | =9.0 | |
| Firefox | =9.0.1 | |
| Firefox | =11.0 | |
| Firefox | =12.0 | |
| Firefox | =12.0-beta6 | |
| Firefox | =13.0 | |
| Firefox | =10.0 | |
| Firefox | =10.0.1 | |
| Firefox | =10.0.2 | |
| Firefox | =10.0.3 | |
| Firefox | =10.0.4 | |
| Firefox | =10.0.5 | |
| Firefox ESR | =10.0 | |
| Firefox ESR | =10.0.1 | |
| Firefox ESR | =10.0.2 | |
| Firefox ESR | =10.0.3 | |
| Firefox ESR | =10.0.4 | |
| Firefox ESR | =10.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
- http://osvdb.org/84008
- http://rhn.redhat.com/errata/RHSA-2012-1088.html
- http://secunia.com/advisories/49964
- http://secunia.com/advisories/49965
- http://secunia.com/advisories/49972
- http://secunia.com/advisories/49979
- http://secunia.com/advisories/49992
- http://www.debian.org/security/2012/dsa-2514
- http://www.debian.org/security/2012/dsa-2528
- http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
- http://www.securitytracker.com/id?1027256
- http://www.ubuntu.com/usn/USN-1509-1
- http://www.ubuntu.com/usn/USN-1509-2
- https://bugzilla.mozilla.org/show_bug.cgi?id=724247
- https://bugzilla.mozilla.org/show_bug.cgi?id=724599
- https://bugzilla.mozilla.org/show_bug.cgi?id=725611
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16970
Frequently Asked Questions
What is the severity of CVE-2012-1950?
CVE-2012-1950 has a medium severity level as it allows remote attackers to spoof the address bar.
How do I fix CVE-2012-1950?
To fix CVE-2012-1950, upgrade to Mozilla Firefox version 10.0.6 or later, or use an updated version of Firefox ESR.
What versions of Firefox are affected by CVE-2012-1950?
CVE-2012-1950 affects Mozilla Firefox versions 4.x through 13.0 and Firefox ESR 10.x before 10.0.6.
Can CVE-2012-1950 be exploited remotely?
Yes, CVE-2012-1950 can be exploited remotely to spoof the address bar during a page load.
What impact does CVE-2012-1950 have on users?
CVE-2012-1950 can mislead users by displaying a false URL in the address bar, potentially leading to phishing attacks.
- agent/references
- agent/type
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/mozilla
- canonical/firefox
- version/firefox/4.0
- version/firefox/4.0-beta1
- version/firefox/4.0-beta10
- version/firefox/4.0-beta11
- version/firefox/4.0-beta12
- version/firefox/4.0-beta2
- version/firefox/4.0-beta3
- version/firefox/4.0-beta4
- version/firefox/4.0-beta5
- version/firefox/4.0-beta6
- version/firefox/4.0-beta7
- version/firefox/4.0-beta8
- version/firefox/4.0-beta9
- version/firefox/4.0.1
- version/firefox/5.0
- version/firefox/5.0.1
- version/firefox/6.0
- version/firefox/6.0.1
- version/firefox/6.0.2
- version/firefox/7.0
- version/firefox/7.0.1
- version/firefox/8.0
- version/firefox/8.0.1
- version/firefox/9.0
- version/firefox/9.0.1
- version/firefox/11.0
- version/firefox/12.0
- version/firefox/12.0-beta6
- version/firefox/13.0
- version/firefox/10.0
- version/firefox/10.0.1
- version/firefox/10.0.2
- version/firefox/10.0.3
- version/firefox/10.0.4
- version/firefox/10.0.5
- canonical/firefox esr
- version/firefox esr/10.0
- version/firefox esr/10.0.1
- version/firefox esr/10.0.2
- version/firefox esr/10.0.3
- version/firefox esr/10.0.4
- version/firefox esr/10.0.5