Vulnerability Name: CVE-2004-0905 (CCN-17374) Assigned: 2004-07-11 Published: 2004-07-11 Updated: 2017-10-11 Summary: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNbrowser accepts dragged javascript links (same-origin security hole) http://bugzilla.mozilla.org/show_bug.cgi?id=250862 CVE-2004-0905 New upstream for mozilla SSRT4826 FLSA:2089 mozilla security update GLSA-200409-26 [slackware-security] Mozilla (SSA:2004-266-03) Multiple Security Vulnerabilities in Mozilla Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities Mozilla may allow violation of cross-domain scripting policies via dragging VU#651928 Mozilla - Home of the Firefox web browser, Thunderbird and the Mozilla Suite http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 SUSE-SA:2004:036 11177 Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scripting Vulnerability TA04-261A mozilla-netscape-sameorigin-bypass(17374) mozilla-netscape-sameorigin-bypass(17374) oval:org.mitre.oval:def:10378 mozilla: various vulnerabilities Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.0:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.0.2:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.1:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:* Configuration 2 :cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i686:*:*:*:*:* OR cpe:/o:redhat:linux:9.0:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:* OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:* OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.opensuse.security:def:20040905 V CVE-2004-0905 2015-11-16 oval:org.mitre.oval:def:10378 V Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. 2013-04-29 oval:com.redhat.rhsa:def:20040486 P RHSA-2004:486: mozilla security update (Critical) 2004-09-30
BACK
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9 rc
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla mozilla 1.0
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0 rc2
mozilla mozilla 1.0.1
mozilla mozilla 1.0.2
mozilla mozilla 1.1
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.3.1
mozilla mozilla 1.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.5
mozilla mozilla 1.6
mozilla mozilla 1.7
mozilla mozilla 1.7 rc3
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
netscape navigator 7.0
netscape navigator 7.0.2
netscape navigator 7.1
netscape navigator 7.2
conectiva linux 9.0
conectiva linux 10.0
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux desktop 3.0
redhat fedora core core_1.0
redhat linux 7.3
redhat linux 7.3
redhat linux 7.3
redhat linux 9.0
redhat linux advanced workstation 2.1
redhat linux advanced workstation 2.1
suse suse linux 1.0
suse suse linux 8
suse suse linux 8.1
suse suse linux 8.2
suse suse linux 9.0
suse suse linux 9.0
suse suse linux 9.0
suse suse linux 9.1
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0
mozilla mozilla 1.0.1
mozilla mozilla 1.1
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.3.1
mozilla mozilla 1.6
mozilla mozilla 1.7 rc3
mozilla firefox 0.8
mozilla firefox 0.9 rc
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla firefox 0.9.2
mozilla firefox 0.9.1
mozilla firefox 0.9.3
netscape navigator 7.2
mozilla mozilla 1.7.2
mozilla firefox 0.9
mozilla mozilla 0.9.2
mozilla mozilla 1.0.2
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla mozilla 1.7 alpha
mozilla mozilla 1.7 beta
mozilla mozilla 1.7 rc1
mozilla mozilla 1.7 rc2
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla thunderbird 0.7
mozilla thunderbird 0.7.1
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
mozilla firefox 0.7
sun solaris 8
compaq tru64 5.1a
sun solaris 9
gentoo linux *
suse suse linux 8.1
suse linux enterprise server 8
slackware slackware linux current
compaq tru64 5.1b
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
redhat enterprise linux 2.1
conectiva linux 9.0
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
conectiva linux 10
slackware slackware linux 10.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.0
Denotes that component is vulnerable