CVE-2005-0401

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=111168413007891&w=2
http://mikx.de/firescrolling2/	Exploit
http://secunia.com/advisories/14654	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.redhat.com/support/errata/RHSA-2005-335.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-336.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12885	Exploit Patch
http://www.vupen.com/english/advisories/2005/0296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650
http://marc.info/?l=bugtraq&m=111168413007891&w=2
http://mikx.de/firescrolling2/	Exploit
http://secunia.com/advisories/14654	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.redhat.com/support/errata/RHSA-2005-335.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-336.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12885	Exploit Patch
http://www.vupen.com/english/advisories/2005/0296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.5.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.6:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.5:::::::*

History

20 Nov 2024, 23:55

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=111168413007891&w=2 -~~	() http://marc.info/?l=bugtraq&m=111168413007891&w=2 -
References	~~() http://mikx.de/firescrolling2/ - Exploit~~	() http://mikx.de/firescrolling2/ - Exploit
References	~~() http://secunia.com/advisories/14654 - Vendor Advisory~~	() http://secunia.com/advisories/14654 - Vendor Advisory
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Vendor Advisory~~	() http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Vendor Advisory
References	~~() http://www.mozilla.org/security/announce/mfsa2005-32.html -~~	() http://www.mozilla.org/security/announce/mfsa2005-32.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2005-335.html - Vendor Advisory~~	() http://www.redhat.com/support/errata/RHSA-2005-335.html - Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2005-336.html - Vendor Advisory~~	() http://www.redhat.com/support/errata/RHSA-2005-336.html - Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2005-384.html -~~	() http://www.redhat.com/support/errata/RHSA-2005-384.html -
References	~~() http://www.securityfocus.com/bid/12885 - Exploit, Patch~~	() http://www.securityfocus.com/bid/12885 - Exploit, Patch
References	~~() http://www.vupen.com/english/advisories/2005/0296 -~~	() http://www.vupen.com/english/advisories/2005/0296 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:55

NVD link : CVE-2005-0401

Mitre link : CVE-2005-0401

CVE.ORG link : CVE-2005-0401

JSON object : View

Products Affected

mozilla

mozilla
firefox

CWE

NVD-CWE-Other

5.1 /10