CVE-2005-0401

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka “Firescrolling 2.”

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
firefox 7.04 feisty
Fixed 2.0.0.6+1-0ubuntu1
6.10 edgy
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-granparadiso 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
mozilla 7.04 feisty Not in release
6.10 edgy
Fixed 1.7.13-0.2ubuntu1
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-149-3
    • Ubuntu 4.10 update for Firefox vulnerabilities
    • 28 July 2005

Other references