Vulnerability Note VU#651928
Mozilla may allow violation of cross-domain scripting policies via dragging
A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.
"The user could be convinced to drag obscurred links in the context of a game or even a fake scrollbar. If the user could be convinced to drag two links in sequence into a separate window (not frame) the attacker would be able to run arbitrary programs."
This vulnerability could be used to exploit cross-domain scripting policies and possibly execute code originating from a remote source.
This vulnerability is resolved in Firefox Preview Release, Mozilla 1.7.3, and Thunderbird 0.8.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla||Not Affected||-||17 Sep 2004|
CVSS Metrics (Learn More)
Thanks to Jesse Ruderman for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: Unknown
- Date Public: 14 Sep 2004
- Date First Published: 17 Sep 2004
- Date Last Updated: 17 Sep 2004
- Severity Metric: 25.31
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.