Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-0527 | First vendor Publication | 2005-05-02 |
| Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0527 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:100031 | |||
| Oval ID: | oval:org.mitre.oval:def:100031 | ||
| Title: | Mozilla Privileged Content Loading Vulnerability | ||
| Description: | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0527 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11772 | |||
| Oval ID: | oval:org.mitre.oval:def:11772 | ||
| Title: | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." | ||
| Description: | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0527 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-10 (Firefox) File : nvt/glsa_200503_10.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-30 (Mozilla) File : nvt/glsa_200503_30.nasl |
| 2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox7.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 14197 | Mozilla Browsers XPCOM Scrollbar Arbitrary Code Execution Firefox contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when downloading a malformed HTML document that includes Firefox XPCOM code to perform actions that are triggered by scrollbar actions. It is possible that the flaw may allow writing to an arbitrary local file. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Mozilla Firefox plugin access control bypass attempt RuleID : 17265 - Revision : 13 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-384.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_cbfde1cd87eb11d9aa180001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2005-05-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-088.nasl - Type : ACT_GATHER_INFO |
| 2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-384.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-30.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-323.nasl - Type : ACT_GATHER_INFO |
| 2005-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-10.nasl - Type : ACT_GATHER_INFO |
| 2005-03-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-176.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:02:55 |
|
| 2024-02-01 12:01:39 |
|
| 2023-09-05 12:02:46 |
|
| 2023-09-05 01:01:30 |
|
| 2023-09-02 12:02:48 |
|
| 2023-09-02 01:01:30 |
|
| 2023-08-12 12:03:21 |
|
| 2023-08-12 01:01:31 |
|
| 2023-08-11 12:02:54 |
|
| 2023-08-11 01:01:33 |
|
| 2023-08-06 12:02:42 |
|
| 2023-08-06 01:01:32 |
|
| 2023-08-04 12:02:46 |
|
| 2023-08-04 01:01:33 |
|
| 2023-07-14 12:02:44 |
|
| 2023-07-14 01:01:33 |
|
| 2023-03-29 01:02:49 |
|
| 2023-03-28 12:01:37 |
|
| 2022-10-11 12:02:27 |
|
| 2022-10-11 01:01:24 |
|
| 2021-05-04 12:02:48 |
|
| 2021-04-22 01:03:01 |
|
| 2020-05-23 00:16:22 |
|
| 2017-10-11 09:23:28 |
|
| 2016-10-18 12:01:36 |
|
| 2016-04-26 13:18:38 |
|
| 2014-02-17 10:30:16 |
|
| 2014-01-19 21:22:35 |
|
| 2013-05-11 11:21:46 |
|
