oval:org.mitre.oval:def:100026

Definition Id: oval:org.mitre.oval:def:100026

Oval ID:	oval:org.mitre.oval:def:100026
Title:	Mozilla XUL Drag and Drop Security Bypass Vulnerability
Description:	FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-0401	Version:	5
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla Mozilla Firefox
Definition Synopsis:
Mozilla Firefox version 1.0.1 or earlier is installed Firefox version 1.0.1 or earlier is installed AND Mozilla Firefox version 1.0.1 or earlier is installed OR Mozilla Suite version 1.7.6 or earlier is installed Mozilla Suite version 1.7.6 or earlier is installed AND Mozilla Suite version 1.7.6 or earlier is installed