Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2005-0401
Last Modified 13 Sep 2013 12:42:41
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0401

Summary

Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0


References

BID - 12885

VUPEN - ADV-2005-0296

REDHAT - RHSA-2005:336

REDHAT - RHSA-2005:335

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-32.html

GENTOO - GLSA-200503-30

SECUNIA - 14654

MISC - http://mikx.de/firescrolling2/

BUGTRAQ - 20050324 Firescrolling 2 [Firefox 1.0.1]

REDHAT - RHSA-2005:384


Last Updated: 27 May 2016 10:39:47