Cross-Domain Scripting Vulnerability in Mozilla Firefox and Thunderbird
CVE-2004-0905

Currently unrated

Key Information:

Vendor: Mozilla
Status: Mozilla; Firefox; Linux; Navigator
Vendor: CVE Published:; 14 September 2004

Summary

This vulnerability allows remote attackers to perform cross-domain scripting by convincing a user to drag and drop malicious JavaScript links onto a page or frame in a different domain. If successfully executed, it may lead to unauthorized actions and the ability to run arbitrary code within the context of the user's session. This issue primarily affects versions of Mozilla Firefox prior to 1.7.3 and Thunderbird before 0.8, posing a significant security risk for users who engage with untrustworthy web content.

References

http://www.kb.cert.org/vuls/id/651928

third-party-advisoryx_refsource_CERT-VN

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

http://bugzilla.mozilla.org/show_bug.cgi?id=250862

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Sep 23, 2004
Vulnerability published
Sep 14, 2004