CVE-2005-0401 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-0401 Interim 1 3 2021-06-09T08:33:15Z current 2021-05-30T12:32:01Z 2021-06-09T08:33:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-0401 FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." CVE-2005-0401 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P