CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
98.0%
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka “Firescrolling 2.”
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 0.8 | cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* |
mozilla | firefox | 0.9.1 | cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.2 | cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.3 | cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* |
mozilla | firefox | 0.10 | cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* |
mozilla | firefox | 0.10.1 | cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
mozilla | mozilla | 1.3 | cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=111168413007891&w=2
mikx.de/firescrolling2/
secunia.com/advisories/14654
www.gentoo.org/security/en/glsa/glsa-200503-30.xml
www.mozilla.org/security/announce/mfsa2005-32.html
www.redhat.com/support/errata/RHSA-2005-335.html
www.redhat.com/support/errata/RHSA-2005-336.html
www.redhat.com/support/errata/RHSA-2005-384.html
www.securityfocus.com/bid/12885
www.vupen.com/english/advisories/2005/0296
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650