New Search

Mozilla XUL Drag and Drop Security Bypass Vulnerability

oval:org.mitre.oval:def:100026

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar a variant of CVE-2005-0527 aka "Firescrolling 2."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2005-0401
Product(s):
  • Mozilla Firefox
  • mozilla