CVE-2005-0401

2005-05-0200:00:00

ubuntu.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.683

Percentile

98.0%

JSON

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all
attack vectors for loading chrome files and hijacking drag and drop events,
which allows remote attackers to execute arbitrary XUL code by tricking a
user into dragging a scrollbar, a variant of CVE-2005-0527, aka
“Firescrolling 2.”

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.6+0dfsg-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.6+1-0ubuntu1UNKNOWN
ubuntu6.10noarchmozilla< 1.7.13-0.2ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.6+0dfsg-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.6+1-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	mozilla	< 1.7.13-0.2ubuntu1	UNKNOWN