CVE-2004-0905

Description

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Software From Fixed in
redhat / linux 7.3 7.3.x
redhat / linux 9.0 9.0.x
netscape / navigator 7.0 7.0.x
netscape / navigator 7.0.2 7.0.2.x
netscape / navigator 7.1 7.1.x
netscape / navigator 7.2 7.2.x
suse / suse_linux 1.0 1.0.x
suse / suse_linux 8 8.x
suse / suse_linux 8.1 8.1.x
suse / suse_linux 8.2 8.2.x
suse / suse_linux 9.0 9.0.x
suse / suse_linux 9.1 9.1.x
redhat / enterprise_linux 2.1 2.1.x
redhat / enterprise_linux 3.0 3.0.x
redhat / enterprise_linux_desktop 3.0 3.0.x
conectiva / linux 10.0 10.0.x
conectiva / linux 9.0 9.0.x
mozilla / mozilla 1.0 1.0.x
mozilla / mozilla 1.0-rc1 1.0-rc1.x
mozilla / mozilla 1.0-rc2 1.0-rc2.x
mozilla / mozilla 1.0.1 1.0.1.x
mozilla / mozilla 1.0.2 1.0.2.x
mozilla / mozilla 1.1 1.1.x
mozilla / mozilla 1.1-alpha 1.1-alpha.x
mozilla / mozilla 1.1-beta 1.1-beta.x
mozilla / mozilla 1.2 1.2.x
mozilla / mozilla 1.2-alpha 1.2-alpha.x
mozilla / mozilla 1.2-beta 1.2-beta.x
mozilla / mozilla 1.2.1 1.2.1.x
mozilla / mozilla 1.3 1.3.x
mozilla / mozilla 1.3.1 1.3.1.x
mozilla / mozilla 1.4 1.4.x
mozilla / mozilla 1.4-alpha 1.4-alpha.x
mozilla / mozilla 1.4-beta 1.4-beta.x
mozilla / mozilla 1.4.1 1.4.1.x
mozilla / mozilla 1.4.2 1.4.2.x
mozilla / mozilla 1.5 1.5.x
mozilla / mozilla 1.6 1.6.x
mozilla / mozilla 1.7 1.7.x
mozilla / mozilla 1.7-rc3 1.7-rc3.x
mozilla / mozilla 1.7.1 1.7.1.x
mozilla / mozilla 1.7.2 1.7.2.x
redhat / linux_advanced_workstation 2.1 2.1.x
mozilla / firefox 0.8 0.8.x
mozilla / firefox 0.9 0.9.x
mozilla / firefox 0.9-rc 0.9-rc.x
mozilla / firefox 0.9.1 0.9.1.x
mozilla / firefox 0.9.2 0.9.2.x
mozilla / firefox 0.9.3 0.9.3.x
redhat / fedora_core core_1.0 core_1.0.x