5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.139 Low
EPSS
Percentile
95.6%
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all
attack vectors for loading chrome files and hijacking drag and drop events,
which allows remote attackers to execute arbitrary XUL code by tricking a
user into dragging a scrollbar, a variant of CVE-2005-0527, aka
“Firescrolling 2.”