VYPR
Unrated severityNVD Advisory· Published May 2, 2005· Updated Jun 16, 2026

CVE-2005-0401

CVE-2005-0401

Description

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

33
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • (no CPE)range: =1.0.1
  • cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*+ 22 more
    • cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
    • (no CPE)range: <1.7.6

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.