Lucene search

K
cve[email protected]CVE-2005-0401
HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0401

2005-05-0204:00:00
NVD-CWE-Other
web.nvd.nist.gov
28
cve-2005-0401
firefox
mozilla
vulnerability
chrome files
firescrolling 2

7.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.5%

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka “Firescrolling 2.”

7.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.5%

Related for CVE-2005-0401