← CVECheck
HomeVulnerabilities

CVE-2004-0905 — MEDIUM severity vulnerability (Mozilla Firefox before the Preview Release, Mozilla before 1)

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

CVE IDCVE-2004-0905
SeverityMEDIUM
CVSS score4.6
CVSS vectorAV:L/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-09-14
Last modified2026-04-16
DescriptionMozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →