PT-2005-1464 · Mozilla+1 · Mozilla Firefox+2

Michael Krax

Published

2005-03-23

Updated

2018-05-03

CVE-2005-0401

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox version 1.0.1 Mozilla versions prior to 1.7.6

Description The issue allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar. This is related to insufficient addressing of attack vectors for loading chrome files and hijacking drag and drop events.

Recommendations For Firefox version 1.0.1, update to a version that sufficiently addresses all attack vectors for loading chrome files and hijacking drag and drop events. For Mozilla versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0401

RHSA-2005:335

RHSA-2005:336

RHSA-2005_335

RHSA-2005_336

RHSA-2005_384

Affected Products

Firefox

Mozilla Firefox

Red Hat

PT-2005-1464 · Mozilla+1 · Mozilla Firefox+2

CVE-2005-0401

Related Identifiers

Affected Products

References · 66