Описание
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-0401
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650
- http://marc.info/?l=bugtraq&m=111168413007891&w=2
- http://mikx.de/firescrolling2
- http://secunia.com/advisories/14654
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.mozilla.org/security/announce/mfsa2005-32.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://www.redhat.com/support/errata/RHSA-2005-336.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.securityfocus.com/bid/12885
- http://www.vupen.com/english/advisories/2005/0296
EPSS
CVE ID
Связанные уязвимости
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...
EPSS