Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20582
HistorySep 29, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-40

2008-09-2900:00:00
vulners.com
24
JSON

Mozilla Foundation Security Advisory 2008-40

Title: Forced mouse drag
Impact: Low
Announced: September 23, 2008
Reporter: Paul Nickerson, Liu Die Yu
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0.2
Firefox 2.0.0.17
SeaMonkey 1.1.12
Description

Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.
Workaround

  1. open Options/Preferences dialog
  2. go to the "Content" tab
  3. click the "Advanced…" button on the same line as the "Enable JavaScript" checkbox
  4. UN-check the "Move or resize existing windows" box.

References

* https://bugzilla.mozilla.org/show_bug.cgi?id=329385
* CVE-2008-3837

Related

veracode 1
mozilla 1
prion 1
ubuntucve 1
cve 1
fedora 41
openvas 110
nessus 31
oraclelinux 2
centos 3
redhat 2
debian 1
osv 1
freebsd 1
securityvulns 1
ubuntu 1
veracode
veracode
Insecure Browser Functionality
2020-04-10 00:25:29
mozilla
mozilla
Forced mouse drag — Mozilla
2008-09-23 00:00:00
prion
prion
Design/Logic Flaw
2008-09-24 20:37:00
ubuntucve
ubuntucve
CVE-2008-3837
2008-09-24 00:00:00
cve
cve
CVE-2008-3837
2008-09-24 20:37:00
fedora
fedora
[SECURITY] Fedora 9 Update: epiphany-2.22.2-4.fc9
2008-09-28 18:40:02
[SECURITY] Fedora 9 Update: xulrunner-1.9.0.2-1.fc9
2008-09-28 18:40:02
[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-13.fc8
2008-09-28 18:40:57
openvas
openvas
Fedora Update for Miro FEDORA-2008-8425
2009-02-17 00:00:00
Fedora Update for yelp FEDORA-2008-8425
2009-02-17 00:00:00
Fedora Update for cairo-dock FEDORA-2008-8425
2009-02-17 00:00:00
nessus
nessus
RHEL 4 / 5 : firefox (RHSA-2008:0879)
2008-09-24 00:00:00
CentOS 4 / 5 : firefox (CESA-2008:0879)
2010-01-06 00:00:00
Oracle Linux 5 : firefox (ELSA-2008-0879)
2013-07-12 00:00:00
oraclelinux
oraclelinux
firefox security update
2008-09-24 00:00:00
seamonkey security update
2008-09-24 00:00:00
centos
centos
devhelp, firefox, nss, xulrunner, yelp security update
2008-09-24 14:24:39
seamonkey security update
2008-09-24 14:22:25
seamonkey security update
2008-09-24 23:08:13
redhat
redhat
(RHSA-2008:0879) Critical: firefox security update
2008-09-23 00:00:00
(RHSA-2008:0882) Critical: seamonkey security update
2008-09-23 00:00:00
debian
debian
[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities
2008-10-08 20:15:55
osv
osv
iceweasel - several vulnerabilities
2008-10-08 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-09-24 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2008-09-30 00:00:00
ubuntu
ubuntu
Firefox and xulrunner regression
2008-09-25 00:00:00
JSON
Related for SECURITYVULNS:DOC:20582
veracode1mozilla1prion1ubuntucve1cve1fedora41openvas110nessus31oraclelinux2centos3redhat2debian1osv1freebsd1securityvulns1ubuntu1