CVE Vulnerabilities

CVE-2005-0401

Published: May 02, 2005 | Modified: May 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka Firescrolling 2.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 0.8 0.8
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.7 1.7
Firefox Mozilla 0.9.1 0.9.1
Mozilla Mozilla 1.7.5 1.7.5
Firefox Mozilla 0.10.1 0.10.1
Firefox Mozilla 0.9 0.9
Mozilla Mozilla 1.6 1.6
Mozilla Mozilla 1.4.1 1.4.1
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.3 1.3
Firefox Mozilla 1.0 1.0
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.4 1.4
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.7.1 1.7.1
Firefox Mozilla 0.9.3 0.9.3
Mozilla Mozilla 1.4 1.4
Mozilla Mozilla 1.5.1 1.5.1
Firefox Mozilla 0.9.2 0.9.2
Mozilla Mozilla 1.7.2 1.7.2
Firefox Mozilla 0.9 0.9
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Firefox Mozilla 0.10 0.10
Mozilla Mozilla 1.7.3 1.7.3
Mozilla Mozilla 1.6 1.6
Mozilla Mozilla 1.6 1.6

References