ID CVE-2005-0527
Summary Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-05-09T16:10:38.529-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
    family windows
    id oval:org.mitre.oval:def:100031
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Mozilla Privileged Content Loading Vulnerability
    version 6
  • accepted 2013-04-29T04:15:40.769-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
    family unix
    id oval:org.mitre.oval:def:11772
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
    version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:176
  • rhsa
    id RHSA-2005:384
refmap via4
bugtraq 20050225 Firescrolling [Firefox 1.0]
confirm http://www.mozilla.org/security/announce/mfsa2005-27.html
gentoo
  • GLSA-200503-10
  • GLSA-200503-30
misc http://www.mikx.de/?p=11
sectrack 1013301
vulnerable_product via4 cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Last major update 11-10-2017 - 01:29
Published 02-05-2005 - 04:00
Back to Top