FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=111168413007891&w=2 - | |
References | () http://mikx.de/firescrolling2/ - Exploit | |
References | () http://secunia.com/advisories/14654 - Vendor Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Vendor Advisory | |
References | () http://www.mozilla.org/security/announce/mfsa2005-32.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2005-335.html - Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2005-336.html - Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2005-384.html - | |
References | () http://www.securityfocus.com/bid/12885 - Exploit, Patch | |
References | () http://www.vupen.com/english/advisories/2005/0296 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650 - |
Information
Published : 2005-05-02 04:00
Updated : 2024-11-20 23:55
NVD link : CVE-2005-0401
Mitre link : CVE-2005-0401
CVE.ORG link : CVE-2005-0401
JSON object : View
Products Affected
mozilla
- firefox
- mozilla
CWE