MEDIUM
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
http://marc.info/?l=bugtraq&m=111168413007891&w=2
http://mikx.de/firescrolling2/
http://secunia.com/advisories/14654
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-32.html
http://www.redhat.com/support/errata/RHSA-2005-335.html
http://www.redhat.com/support/errata/RHSA-2005-336.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12885
http://www.vupen.com/english/advisories/2005/0296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650
Source: MITRE
Published: 2005-05-02
Updated: 2018-05-03
Type: NVD-CWE-Other
Base Score: 5.1
Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Impact Score: 6.4
Exploitability Score: 4.9
Severity: MEDIUM