CVE-2005-0231

Published: Feb 8, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SA:2005:016

vendor-advisory

x_refsource_SUSE

https://bugzilla.mozilla.org/show_bug.cgi?id=280056

x_refsource_CONFIRM

oval:org.mitre.oval:def:10079

vdb-entry

signature

x_refsource_OVAL

20050207 Firetabbing [Firefox 1.0]

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:100032

vdb-entry

signature

x_refsource_OVAL

mozilla-firefox-tab-gain-access(19264)

vdb-entry

x_refsource_XF

RHSA-2005:176

vendor-advisory

x_refsource_REDHAT

RHSA-2005:384

vendor-advisory

x_refsource_REDHAT

GLSA-200503-30

vendor-advisory

x_refsource_GENTOO

http://www.mozilla.org/security/announce/mfsa2005-26.html

x_refsource_CONFIRM

GLSA-200503-10

vendor-advisory

x_refsource_GENTOO

http://www.mikx.de/firetabbing/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-0231

Description

Affected Products

References