CVE-2005-0401

Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
Link Resource
http://marc.info/?l=bugtraq&m=111168413007891&w=2
http://mikx.de/firescrolling2/ Exploit
http://secunia.com/advisories/14654 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.redhat.com/support/errata/RHSA-2005-335.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-336.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12885 Exploit Patch
http://www.vupen.com/english/advisories/2005/0296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650
Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:55

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111168413007891&w=2 - () http://marc.info/?l=bugtraq&m=111168413007891&w=2 -
References () http://mikx.de/firescrolling2/ - Exploit () http://mikx.de/firescrolling2/ - Exploit
References () http://secunia.com/advisories/14654 - Vendor Advisory () http://secunia.com/advisories/14654 - Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Vendor Advisory
References () http://www.mozilla.org/security/announce/mfsa2005-32.html - () http://www.mozilla.org/security/announce/mfsa2005-32.html -
References () http://www.redhat.com/support/errata/RHSA-2005-335.html - Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-335.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2005-336.html - Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-336.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2005-384.html - () http://www.redhat.com/support/errata/RHSA-2005-384.html -
References () http://www.securityfocus.com/bid/12885 - Exploit, Patch () http://www.securityfocus.com/bid/12885 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2005/0296 - () http://www.vupen.com/english/advisories/2005/0296 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:55


NVD link : CVE-2005-0401

Mitre link : CVE-2005-0401

CVE.ORG link : CVE-2005-0401



Products Affected

mozilla

  • firefox
  • mozilla