Firescrolling 2: Remote Code Execution Vulnerability in FireFox and Mozilla

Firescrolling 2: Remote Code Execution Vulnerability in FireFox and Mozilla

CVE-2005-0401 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

Learn more about our Cis Benchmark Audit For Google Chrome.