ID CVE-2004-0905 Type cve Reporter NVD Modified 2017-10-10T21:29:37
Description
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
{"result": {"osvdb": [{"id": "OSVDB:10524", "type": "osvdb", "title": "Mozilla Multiple Product Javascript Drag and Drop XSS", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:107)\n[Secunia Advisory ID:12698](https://secuniaresearch.flexerasoftware.com/advisories/12698/)\n[Secunia Advisory ID:12742](https://secuniaresearch.flexerasoftware.com/advisories/12742/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nRedHat RHSA: RHSA-2004:486\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: http://www.securiteam.com/securitynews/5EP0F20F5S.html\nISS X-Force ID: 17374\n[CVE-2004-0905](https://vulners.com/cve/CVE-2004-0905)\nBugtraq ID: 11177\n", "published": "2004-09-14T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10524", "cvelist": ["CVE-2004-0905"], "lastseen": "2017-04-28T13:20:05"}], "openvas": [{"id": "OPENVAS:52364", "type": "openvas", "title": "FreeBSD Ports: thunderbird", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52364", "cvelist": ["CVE-2004-0909", "CVE-2004-0905", "CVE-2004-0908"], "lastseen": "2017-07-02T21:10:09"}, {"id": "OPENVAS:65278", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65278", "cvelist": ["CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-07-26T08:55:18"}, {"id": "OPENVAS:136141256231065278", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065278", "cvelist": ["CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2018-04-06T11:37:34"}, {"id": "OPENVAS:54682", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200409-26 (Mozilla)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-26.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54682", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2017-07-24T12:49:44"}], "freebsd": [{"id": "B2E6D1D6-1339-11D9-BC4A-000C41E2CDAD", "type": "freebsd", "title": "mozilla -- scripting vulnerabilities", "description": "\nSeveral scripting vulnerabilities were discovered and\n\t corrected in Mozilla:\n\nCVE-2004-0905\n\n\njavascript; links dragged onto another frame or\n\t\tpage allows an attacker to steal or modify sensitive\n\t\tinformation from other sites. The user could be convinced\n\t\tto drag obscurred links in the context of a game or even a\n\t\tfake scrollbar. If the user could be convinced to drag two\n\t\tlinks in sequence into a separate window (not frame) the\n\t\tattacker would be able to run arbitrary programs.\n\n\nCVE-2004-0908\n\n\nUntrusted javascript code can read and write to the\n\t\tclipboard, stealing any sensitive data the user might\n\t\thave copied. Workaround: disable\n\t\tjavascript\n\n\nCVE-2004-0909\n\n\nSigned scripts requesting enhanced abilities could\n\t\tconstruct the request in a way that led to a confusing\n\t\tgrant dialog, possibly fooling the user into thinking\n\t\tthe privilege requested was inconsequential while\n\t\tactually obtaining explicit permission to run and\n\t\tinstall software. Workaround: Never\n\t\tgrant enhanced abilities of any kind to untrusted web\n\t\tpages.\n\n\n\n", "published": "2004-09-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/b2e6d1d6-1339-11d9-bc4a-000c41e2cdad.html", "cvelist": ["CVE-2004-0909", "CVE-2004-0905", "CVE-2004-0908"], "lastseen": "2016-09-26T17:25:20"}], "nessus": [{"id": "FREEBSD_PKG_B2E6D1D6133911D9BC4A000C41E2CDAD.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- scripting vulnerabilities (b2e6d1d6-1339-11d9-bc4a-000c41e2cdad)", "description": "Several scripting vulnerabilities were discovered and corrected in Mozilla : CVE-2004-0905 JavaScript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game or even a fake scrollbar. If the user could be convinced to drag two links in sequence into a separate window (not frame) the attacker would be able to run arbitrary programs.\nCVE-2004-0908 Untrusted JavaScript code can read and write to the clipboard, stealing any sensitive data the user might have copied.\nWorkaround: disable JavaScript CVE-2004-0909 Signed scripts requesting enhanced abilities could construct the request in a way that led to a confusing grant dialog, possibly fooling the user into thinking the privilege requested was inconsequential while actually obtaining explicit permission to run and install software. Workaround: Never grant enhanced abilities of any kind to untrusted web pages.", "published": "2005-07-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19087", "cvelist": ["CVE-2004-0909", "CVE-2004-0905", "CVE-2004-0908"], "lastseen": "2017-10-29T13:37:20"}, {"id": "REDHAT-RHSA-2004-486.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:486)", "description": "Updated mozilla packages that fix a number of security issues are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send Page' feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.", "published": "2004-10-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15409", "cvelist": ["CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-10-29T13:39:28"}, {"id": "MOZILLA_MULTIPLE_FLAWS.NASL", "type": "nessus", "title": "Mozilla Browsers Multiple Vulnerabilities", "description": "The remote host is using Mozilla and/or Firefox, a web browser.\n\nThe remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack.\n\nA remote attacker could exploit these issues by tricking a user into viewing a malicious web page.", "published": "2004-09-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14728", "cvelist": ["CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0908", "CVE-2004-0904"], "lastseen": "2017-10-29T13:36:54"}, {"id": "GENTOO_GLSA-200409-26.NASL", "type": "nessus", "title": "GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses.\n Impact :\n\n An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog.\n Workaround :\n\n There is no known workaround covering all vulnerabilities.", "published": "2004-09-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14781", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2017-10-29T13:38:43"}, {"id": "MANDRAKE_MDKSA-2004-107.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)", "description": "A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the Mozilla website.", "published": "2004-10-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15521", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-10-29T13:32:53"}], "redhat": [{"id": "RHSA-2004:486", "type": "redhat", "title": "(RHSA-2004:486) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a javascript link into another frame or\npage, it becomes possible for an attacker to steal or modify sensitive\ninformation from that site. Additionally, if a user is tricked into\ndragging two links in sequence to another window (not frame), it is\npossible for the attacker to execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully crafted\nBMP file in such a way that it would cause Mozilla to crash or execute\narbitrary code when the image is viewed. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to\nthis issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard file\nin such a way that it would cause Mozilla to crash or execute arbitrary\ncode when viewed. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way javascript interacts with\nthe clipboard. It is possible that an attacker could use malicious\njavascript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the \"Send\nPage\" feature. It is possible that an attacker could construct a link in\nsuch a way that a user attempting to forward it could result in a crash or\narbitrary code execution. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain\nbackported patches and are not vulnerable to these issues.", "published": "2004-09-30T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:486", "cvelist": ["CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0908"], "lastseen": "2018-03-14T15:44:00"}], "gentoo": [{"id": "GLSA-200409-26", "type": "gentoo", "title": "Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "description": "### Background\n\nMozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. \n\n### Description\n\nMozilla-based products are vulnerable to multiple security issues. Firstly routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the \"Send Page\" function, and links with non-ASCII hostnames could both cause heap buffer overruns. \n\nSeveral issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. \n\n### Impact\n\nAn attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially-crafted BMP image or VCard, use the \"Send Page\" function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. \n\n### Workaround\n\nThere is no known workaround covering all vulnerabilities. \n\n### Resolution\n\nAll users should upgrade to the latest stable version: \n \n \n # emerge sync\n \n # emerge -pv your-version\n # emerge your-version", "published": "2004-09-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200409-26", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2016-09-06T19:46:42"}], "suse": [{"id": "SUSE-SA:2004:036", "type": "suse", "title": "various vulnerabilities in mozilla", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "published": "2004-10-06T13:11:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "cvelist": ["CVE-2004-0909", "CVE-2004-0765", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0904", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-04-13T01:00:44"}]}}