Your submission was sent successfully! Close

CVE-2010-0178

Published: 05 April 2010

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (3.6.2)
seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.4)
xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.19)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1.9)