Unrated severityNVD Advisory· Published Sep 14, 2004· Updated Jun 16, 2026
CVE-2004-0905
CVE-2004-0905
Description
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
65cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- (no CPE)range: < Preview Release
cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
- (no CPE)range: < 1.7.3
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*+ 8 more
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*+ 7 more
- cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
- Range: < 0.8
Patches
Vulnerability mechanics
References
11- bugzilla.mozilla.org/show_bug.cginvdPatchVendor Advisory
- security.gentoo.org/glsa/glsa-200409-26.xmlnvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/651928nvdPatchThird Party AdvisoryUS Government Resource
- www.novell.com/linux/security/advisories/2004_36_mozilla.htmlnvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA04-261A.htmlnvdPatchThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/11177nvdExploitPatchVendor Advisory
- www.mozilla.org/projects/security/known-vulnerabilities.htmlnvdVendor Advisory
- marc.infonvd
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17374nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378nvd
News mentions
0No linked articles in our index yet.