First published: Thu Mar 24 2005(Updated: )
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | =0.8 | |
Mozilla Mozilla | =1.7-alpha | |
Mozilla Mozilla | =1.7-rc1 | |
Mozilla Mozilla | =1.5-rc2 | |
Mozilla Mozilla | =1.7 | |
Mozilla Firefox | =0.9.1 | |
Mozilla Mozilla | =1.7.5 | |
Mozilla Firefox | =0.10.1 | |
Mozilla Firefox | =0.9 | |
Mozilla Mozilla | =1.6-beta | |
Mozilla Mozilla | =1.4.1 | |
Mozilla Mozilla | =1.5-alpha | |
Mozilla Mozilla | =1.5-rc1 | |
Mozilla Mozilla | =1.3 | |
Mozilla Firefox | =1.0 | |
Mozilla Mozilla | =1.7-beta | |
Mozilla Mozilla | =1.4 | |
Mozilla Mozilla | =1.5 | |
Mozilla Mozilla | =1.7.1 | |
Mozilla Firefox | =0.9.3 | |
Mozilla Mozilla | =1.4-alpha | |
Mozilla Mozilla | =1.5.1 | |
Mozilla Firefox | =0.9.2 | |
Mozilla Mozilla | =1.7.2 | |
Mozilla Firefox | =0.9-rc | |
Mozilla Mozilla | =1.7-rc3 | |
Mozilla Mozilla | =1.7-rc2 | |
Mozilla Firefox | =0.10 | |
Mozilla Mozilla | =1.7.3 | |
Mozilla Mozilla | =1.6-alpha | |
Mozilla Mozilla | =1.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.