CVE-2004-0905

Current Description

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Basic Data

Published: September 14, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.6
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
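    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Mozilla | Firefox | 0.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Firefox | 0.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Firefox | 0.9 | rc | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Firefox | 0.9.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Firefox | 0.9.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Firefox | 0.9.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.0 | rc1 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.0 | rc2 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.0.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.1 | alpha | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.1 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.2 | alpha | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.2 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.2.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.3.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.4 | alpha | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.4 | beta | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.4.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.4.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.7 | rc3 | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.7.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Mozilla | Mozilla | 1.7.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Netscape | Navigator | 7.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Netscape | Navigator | 7.0.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Netscape | Navigator | 7.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Netscape | Navigator | 7.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | * |  |  |  |  |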
  • OR - Configuration 2
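    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | i386 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | i686 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux | 9.0 | * | i386 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium_processor | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 1.0 | * | desktop | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 8 | * | enterprise_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | enterprise_server | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * |  |  |  |  |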

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Mozilla | Firefox | 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3 |
| Mozilla | Mozilla | 1.0, 1.0.1, 1.0.2, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.4, 1.4.1, 1.4.2, 1.5, 1.6, 1.7, 1.7.1, 1.7.2 |
| Redhat | Enterprise Linux | 2.1, 3.0 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Linux | 7.3, 9.0 |
| Redhat | Fedora Core | core_1.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Conectiva | Linux | 10.0, 9.0 |
| Netscape | Navigator | 7.0, 7.0.2, 7.1, 7.2 |
| Suse | Suse Linux | 1.0, 8, 8.1, 8.2, 9.0, 9.1 |

References

| Name | Source | URL | Tags |
| --- | --- | --- | --- |
| http://bugzilla.mozilla.org/show_bug.cgi?id=250862 | CONFIRM | http://bugzilla.mozilla.org/show_bug.cgi?id=250862 | PATCH Vendor Advisory |
| SSRT4826 | HP | http://marc.info/?l=bugtraq&m=109698896104418&w=2 |  |
| FLSA:2089 | FEDORA | http://marc.info/?l=bugtraq&m=109900315219363&w=2 |  |
| GLSA-200409-26 | GENTOO | http://security.gentoo.org/glsa/glsa-200409-26.xml | PATCH Vendor Advisory |
| VU#651928 | CERT-VN | http://www.kb.cert.org/vuls/id/651928 | PATCH Third Party Advisory US Government Resource |
| http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | CONFIRM | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | Vendor Advisory |
| SUSE-SA:2004:036 | SUSE | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | PATCH Vendor Advisory |
| 11177 | BID | http://www.securityfocus.com/bid/11177 | Exploit PATCH Vendor Advisory |
| TA04-261A | CERT | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | PATCH Third Party Advisory US Government Resource |
| mozilla-netscape-sameorigin-bypass(17374) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 |  |
| oval:org.mitre.oval:def:10378 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 |  |