oval:org.mitre.oval:def:100032

Definition Id: oval:org.mitre.oval:def:100032

Oval ID:	oval:org.mitre.oval:def:100032
Title:	Mozilla Cross-site Scripting via Drag and Drop to Tab
Description:	Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-0231	Version:	5
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla Mozilla Firefox
Definition Synopsis:
Mozilla Firefox version 1.0 or earlier is installed Firefox version 1.0 or earlier is installed AND Mozilla Firefox version 1.0 or earlier is installed OR Mozilla Suite version 1.7.5 or earlier is installed Mozilla Suite version 1.7.5 or earlier is installed AND Mozilla Suite version 1.7.5 or earlier is installed