7.1 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.139 Low
EPSS
Percentile
95.5%
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka “Firescrolling 2.”
marc.info/?l=bugtraq&m=111168413007891&w=2
mikx.de/firescrolling2/
secunia.com/advisories/14654
www.gentoo.org/security/en/glsa/glsa-200503-30.xml
www.mozilla.org/security/announce/mfsa2005-32.html
www.redhat.com/support/errata/RHSA-2005-335.html
www.redhat.com/support/errata/RHSA-2005-336.html
www.redhat.com/support/errata/RHSA-2005-384.html
www.securityfocus.com/bid/12885
www.vupen.com/english/advisories/2005/0296
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650