CVE-2005-0401 Information

Description

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar a variant of CVE-2005-0527 aka \Firescrolling 2.\

Reference

http://marc.info/?l=bugtraq&m=111168413007891&w=2 http://mikx.de/firescrolling2/ http://secunia.com/advisories/14654 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-32.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.redhat.com/support/errata/RHSA-2005-336.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.securityfocus.com/bid/12885 http://www.vupen.com/english/advisories/2005/0296 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100026 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9650