ID CVE-2005-0401
Summary FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
Vulnerable Configurations
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Mozilla 1.3
    cpe:2.3:a:mozilla:mozilla:1.3
  • Mozilla Mozilla 1.4
    cpe:2.3:a:mozilla:mozilla:1.4
  • Mozilla Mozilla 1.4a
    cpe:2.3:a:mozilla:mozilla:1.4:alpha
  • Mozilla Mozilla 1.4.1
    cpe:2.3:a:mozilla:mozilla:1.4.1
  • Mozilla Mozilla 1.5
    cpe:2.3:a:mozilla:mozilla:1.5
  • Mozilla Mozilla 1.5 alpha
    cpe:2.3:a:mozilla:mozilla:1.5:alpha
  • Mozilla Mozilla 1.5 rc1
    cpe:2.3:a:mozilla:mozilla:1.5:rc1
  • Mozilla Mozilla 1.5 rc2
    cpe:2.3:a:mozilla:mozilla:1.5:rc2
  • Mozilla Mozilla 1.5.1
    cpe:2.3:a:mozilla:mozilla:1.5.1
  • Mozilla Mozilla 1.6
    cpe:2.3:a:mozilla:mozilla:1.6
  • Mozilla Mozilla 1.6 alpha
    cpe:2.3:a:mozilla:mozilla:1.6:alpha
  • Mozilla Mozilla 1.6 beta
    cpe:2.3:a:mozilla:mozilla:1.6:beta
  • Mozilla Mozilla 1.7
    cpe:2.3:a:mozilla:mozilla:1.7
  • Mozilla Mozilla 1.7 alpha
    cpe:2.3:a:mozilla:mozilla:1.7:alpha
  • Mozilla Mozilla 1.7 beta
    cpe:2.3:a:mozilla:mozilla:1.7:beta
  • Mozilla Mozilla 1.7 rc1
    cpe:2.3:a:mozilla:mozilla:1.7:rc1
  • Mozilla Mozilla 1.7 rc2
    cpe:2.3:a:mozilla:mozilla:1.7:rc2
  • Mozilla Mozilla 1.7 rc3
    cpe:2.3:a:mozilla:mozilla:1.7:rc3
  • Mozilla Mozilla 1.7.1
    cpe:2.3:a:mozilla:mozilla:1.7.1
  • Mozilla Mozilla 1.7.2
    cpe:2.3:a:mozilla:mozilla:1.7.2
  • Mozilla Mozilla 1.7.3
    cpe:2.3:a:mozilla:mozilla:1.7.3
  • Mozilla Mozilla 1.7.5
    cpe:2.3:a:mozilla:mozilla:1.7.5
CVSS
Base: 5.1 (as of 07-06-2005 - 11:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Windows
    NASL id MOZILLA_176.NASL
    description The remote version of Mozilla contains multiple security issues that could allow an attacker to impersonate a website and to trick a user into accepting and executing arbitrary files or to cause a heap overflow in the FireFox process and execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17604
    published 2005-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17604
    title Mozilla Browser < 1.7.6 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-31 (Mozilla Firefox: Multiple vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Kohei Yoshino discovered that a page bookmarked as a sidebar could bypass privileges control (CAN-2005-0402) Michael Krax reported a new way to bypass XUL security restrictions through drag-and-drop of items like scrollbars (CAN-2005-0401) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Firefox By tricking the user into bookmarking a malicious page as a Sidebar, a remote attacker could potentially execute arbitrary code with the rights of the user running the browser By setting up a malicious website and convincing users to obey very specific drag-and-drop instructions, attackers may leverage drag-and-drop features to bypass XUL security restrictions, which could be used as a stepping stone to exploit other vulnerabilities Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 17620
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17620
    title GLSA-200503-31 : Mozilla Firefox: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-335.NASL
    description Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CVE-2005-0147) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CVE-2004-1380) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CVE-2005-0149) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CVE-2005-0142) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CVE-2005-0146) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CVE-2005-0141) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CVE-2005-0144) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CVE-2005-0143) A bug was found in the way Mozilla displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17626
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17626
    title RHEL 4 : mozilla (RHSA-2005:335)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-088.NASL
    description A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release. The following issues have been fixed in both Mozilla Firefox and Mozilla Suite : - A flaw in the JavaScript regular expression handling could lead to a disclosure of browser memory, potentially exposing private data from web pages viewed, passwords, or similar data sent to other web pages. It could also crash the browser itself (CVE-2005-0989, MFSA 2005-33) - With manual Plugin install, it was possible for the Plugin to execute JavaScript code with the installing user's privileges (CVE-2005-0752 and MFSA 2005-34) - The popup for showing blocked JavaScript used the wrong privilege context which could be sued for privilege escalation (CVE-2005-1153 and MFSA 2005-35) - Cross-site scripting through global scope pollution could lead an attacker to being able to run code in foreign websites context, leading to the potential sniffing of information or performing actions in that context (CVE-2005-1154 and MFSA 2005-36) - Code execution through JavaScript via favicons ('firelinking') could be used for privilege escalation (CVE-2005-1155 and MFSA 2005-37) - Search plugin cross-site scripting ('firesearching') (CVE-2005-1156, CVE-2005-1157, and MFSA 2005-38) - Arbitrary code execution via the Firefox sidebar panel II (CVE-2005-1158 and MFSA 2005-39) - Missing Install object instance checks (CVE-2005-1159 and MFSA 2005-40) - Privilege escalation via DOM property overrides (CVE-2005-1160 and MFSA 2005-41) - Code execution via javacript: IconURL (MFSA 2005-42) - Security check bypass by wrapping a javascript: URL in the view-source: pseudo protocol (MFSA 2005-43) - Privilege escalation via non-DOM property overrides (MFSA 2005-44) In addition to the vulnerabilities previously noted, the following issues have been fixed in the Mozilla Suite 1.7.2 packages : - Bypass restriction on opening privileged XUL (CVE-2005-0401 and MSF 2005-32) - Arbitrary code execution via a GIF processing error when parsing obsolete Netscape extension 2 leading to an exploitable heap overrun (CVE-2005-0401 and MFSA 2005-32) - International Domain Name support could allow for characters that look similar to other english letters to be used in constructing nearly perfect phishing sites (MFSA 2005-29) - Predictable plugin temporary directory name (MFSA 2005-28) - Plugins can be used to load privileged content into a frame (CVE-2005-0527 and MFSA 2005-27) - Cross-site scripting attack via dropping javascript: links on a tab (MFSA 2005-26) - Image dragging-and-drop from a web page to the desktop preserve their original name and extension; if this were an executable extension then the file would be executed rather than opened in a media application (MFSA 2005-25) - HTTP authentication prompt tab spoofing (MFSA 2005-24) - Download dialog source can be disguised by using a host name long enough that most significant parts are truncated, allowing a malicious site to spoof the origin of the file (MFSA 2005-23) - Download dialog spoofing via supplied Content-Disposition header could allow for a file to look like a safe file (ie. a JPEG image) and when downloaded saved with an executable extension (MFSA 2005-22) - XSLT can include stylesheets from arbitrary hosts (MFSA 2005-20) - Memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth (MFSA 2005-18) - Install source spoofing with user:pass@host (MFSA 2005-17) - Spoofing download and security dialogs with overlapping windows (MFSA 2005-16) - It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data (MFSA 2005-15) - SSL 'secure site' indicator spoofing (MFSA 2005-14) - Mozilla mail clients responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference 'network.cookie.disableCookieForMailNews' which could be used to track people (MFSA 2005-11) - Browser responds to proxy authentication requests from non-proxy servers (SSL/HTTPS) (MFSA 2005-09) - Snythetic middle-click event can steal clipboard contents (MFSA 2005-08) - In windows with multiple tabs, malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up a prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to a background tab hoping to catch the user inputting something sensitive (MFSA 2005-05) - Secure site lock can be spoofed with 'view-source:' (MFSA 2005-04) - An insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear; the certificate information is that of the binary file's host and the location bar URL shows the original insecure page (MFSA 2005-03) - Temporary files are saved with world-readable permissions (MFSA 2005-02) - A vulnerability in the NNTP handling code could cause a heap overflow and execute arbitrary code on the client machine (isec-0020) - A number of other minor bugs were fixed as well. Mandriva recommends all users to upgrade to these packages immediately.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18277
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18277
    title Mandrake Linux Security Advisory : mozilla (MDKSA-2005:088)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-149-3.NASL
    description USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20546
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20546
    title Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_102.NASL
    description The remote version of Firefox contains various security issues that may allow an attacker to impersonate a website and to trick a user into accepting and executing arbitrary files or to cause a heap overflow in the FireFox process and execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17603
    published 2005-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17603
    title Firefox < 1.0.2 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-336.NASL
    description Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0401 to this issue. A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0402 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17627
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17627
    title RHEL 4 : firefox (RHSA-2005:336)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities) The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image or scrollbar drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL 'secure site' indicator (CAN-2005-0593) Georgi Guninski discovered that XSLT can include stylesheets from arbitrary hosts (CAN-2005-0588) Secunia discovered a way of injecting content into a popup opened by another website (CAN-2004-1156) Phil Ringnalda reported a possible way to spoof Install source with user:pass@host (CAN-2005-0590) Jakob Balle from Secunia discovered a possible way of spoofing the Download dialog source (CAN-2005-0585) Christian Schmidt reported a potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584) Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that Mozilla insecurely creates temporary filenames in /tmp/plugtmp (CAN-2005-0578) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Mozilla. The other overflow issues, while not thought to be exploitable, would have the same impact By setting up malicious websites and convincing users to follow untrusted links or obey very specific drag-and-drop or download instructions, attackers may leverage the various spoofing issues to fake other websites to get access to confidential information, push users to download malicious files or make them interact with their browser preferences The temporary directory issue allows local attackers to overwrite arbitrary files with the rights of another local user Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 17619
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17619
    title GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-384.NASL
    description Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CVE-2005-0143 CVE-2005-0593) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CVE-2005-0146) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CVE-2005-0142 CVE-2005-0578) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CVE-2005-0586 CVE-2005-0591 CVE-2005-0585 CVE-2005-0590 CVE-2005-0584) A bug was found in the Mozilla JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed, which could result in remote code execution or information disclosure. (CVE-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CVE-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. (CVE-2005-1153) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CVE-2005-1156 CVE-2005-1157) Several bugs were found in the Mozilla JavaScript engine. A malicious web page could leverage these issues to execute JavaScript with elevated privileges or steal sensitive information. (CVE-2005-1154 CVE-2005-1155 CVE-2005-1159 CVE-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21930
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21930
    title CentOS 3 : mozilla (CESA-2005:384)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-384.NASL
    description Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CVE-2005-0143 CVE-2005-0593) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CVE-2005-0146) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CVE-2005-0142 CVE-2005-0578) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CVE-2005-0586 CVE-2005-0591 CVE-2005-0585 CVE-2005-0590 CVE-2005-0584) A bug was found in the Mozilla JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed, which could result in remote code execution or information disclosure. (CVE-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CVE-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. (CVE-2005-1153) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CVE-2005-1156 CVE-2005-1157) Several bugs were found in the Mozilla JavaScript engine. A malicious web page could leverage these issues to execute JavaScript with elevated privileges or steal sensitive information. (CVE-2005-1154 CVE-2005-1155 CVE-2005-1159 CVE-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18162
    published 2005-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18162
    title RHEL 2.1 / 3 : Mozilla (RHSA-2005:384)
oval via4
  • accepted 2007-05-09T16:10:37.223-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
    family windows
    id oval:org.mitre.oval:def:100026
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Mozilla XUL Drag and Drop Security Bypass Vulnerability
    version 6
  • accepted 2013-04-29T04:21:03.459-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
    family unix
    id oval:org.mitre.oval:def:9650
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
    version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:335
  • rhsa
    id RHSA-2005:336
  • rhsa
    id RHSA-2005:384
refmap via4
bid 12885
bugtraq 20050324 Firescrolling 2 [Firefox 1.0.1]
confirm http://www.mozilla.org/security/announce/mfsa2005-32.html
gentoo GLSA-200503-30
hp
  • HPSBUX01133
  • SSRT5940
misc http://mikx.de/firescrolling2/
secunia 14654
vupen ADV-2005-0296
Last major update 17-10-2016 - 23:11
Published 02-05-2005 - 00:00
Last modified 02-05-2018 - 21:29
Back to Top