Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:
Mozilla Firefox XPCOM Access Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013301
SecurityTracker URL:
CVE Reference:   CVE-2005-0527   (Links to External Site)
Date:  Feb 25 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0
Description:   A vulnerability was reported in Mozilla Firefox in the XPCOM implementation. A remote user can execute arbitrary code on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code with the privileges of the target user. The HTML can include Firefox XPCOM code to perform actions (such as writing to a local file) that are triggered by scrollbar actions.

The exploit can be automated in conjunction with other previously reported vulnerabilities in Firefox so that user interaction is not required.

A demonstration exploit is available at:

Michael Krax discovered this vulnerability.

Impact:   A remote user can execute arbitrary code on the target user's system.
Solution:   A fixed version (1.0.1) is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] Firescrolling [Firefox 1.0]


Remember my Internet Explorer "scrollbar exploit" based on http-equiv's 
"What a Drag"? When will people ever learn that "unusual user interaction" 
can be hidden by common tasks...

Let's combine fireflashing, firetabbing, xul and javascript to run arbitrary 
code by dragging a scrollbar two times.



The exploit is based on multiple vulnerabilities: #280664 (fireflashing) #280056 (firetabbing) #281807 (firescrolling)

Upgrade to Firefox 1.0.1 or disable javascript.

The Common Vulnerabilities and Exposures project ( has 
assigned the name CAN-2005-0527 to this issue.

__Affected Software

Tested with Firefox 1.0 on Windows and Linux (Fedora Core)

__Contact Informations

Michael Krax <>


Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC