CVE-2005-0401

Publication date 2 May 2005

Last updated 24 July 2024


Ubuntu priority

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

Status

Package Ubuntu Release Status
firefox 7.04 feisty
Fixed 2.0.0.6+1-0ubuntu1
6.10 edgy
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-granparadiso 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
mozilla 7.04 feisty Not in release
6.10 edgy
Fixed 1.7.13-0.2ubuntu1
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-149-3
    • Ubuntu 4.10 update for Firefox vulnerabilities
    • 28 July 2005

Other references