CVE-2005-0401

high

Description

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026

http://www.vupen.com/english/advisories/2005/0296

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-336.html

http://www.redhat.com/support/errata/RHSA-2005-335.html

http://www.mozilla.org/security/announce/mfsa2005-32.html

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

http://secunia.com/advisories/14654

http://marc.info/?l=bugtraq&m=111168413007891&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.03853