FireFox 1.0.1 and Mozilla prior to 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote malicious users to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.9.3 |
||
mozilla firefox 0.9 |
||
mozilla mozilla 1.5 |
||
mozilla mozilla 1.7.2 |
||
mozilla mozilla 1.7.3 |
||
mozilla firefox 0.8 |
||
mozilla mozilla 1.4 |
||
mozilla mozilla 1.4.1 |
||
mozilla mozilla 1.6 |
||
mozilla mozilla 1.7 |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 1.0 |
||
mozilla mozilla 1.3 |
||
mozilla mozilla 1.7.5 |
||
mozilla firefox 0.9.1 |
||
mozilla firefox 0.9.2 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.7.1 |