关于 CVE-2005-0401 的漏洞信息

1. 漏洞描述
From NVD
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
From 神龙GPT (AIGC)
火狐1.0.1和Mozilla之前版本1.7.6并未充分解决加载Chrome文件和操纵拖拽事件的所有攻击面,这允许远程攻击者通过欺骗用户拖拽scrollbar(CVE-2005-0527的一个变种,也被称为“Firescrolling 2”)来执行任意XUL代码。
2. 漏洞评分(CVSS)
From NVD
NVD 暂无评分
From 神龙GPT (AIGC)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3. 漏洞类别
From NVD
NVD 暂无漏洞类别信息
From 神龙GPT (AIGC)
神龙GPT 暂无漏洞类别信息(请耐心等待)
Reference