Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0905

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-0905
Last Modified 21 Aug 2010 12:00:00
Published 14 Sep 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0905

Summary

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 1.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Redhat Linux Advanced Workstation 2.1

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

Application

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.4.2

  • Mozilla 1.5

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Netscape Navigator 7.0

  • Netscape Navigator 7.0.2

  • Netscape Navigator 7.1

  • Netscape Navigator 7.2


References

CERT - TA04-261A

CERT-VN - VU#651928

XF - mozilla-netscape-sameorigin-bypass(17374)

BID - 11177

SUSE - SUSE-SA:2004:036

GENTOO - GLSA-200409-26

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=250862

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

FEDORA - FLSA:2089

HP - SSRT4826


Last Updated: 27 May 2016 10:38:48