VuXML: mozilla -- scripting vulnerabilities

CVE-2004-0905: javascript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game or even a fake scrollbar. If the user could be convinced to drag two links in sequence into a separate window (not frame) the attacker would be able to run arbitrary programs.

[source]
CVE-2004-0908: Untrusted javascript code can read and write to the clipboard, stealing any sensitive data the user might have copied. Workaround: disable javascript

[source]
CVE-2004-0909: Signed scripts requesting enhanced abilities could construct the request in a way that led to a confusing grant dialog, possibly fooling the user into thinking the privilege requested was inconsequential while actually obtaining explicit permission to run and install software. Workaround: Never grant enhanced abilities of any kind to untrusted web pages.

[source]

CVE Name	CVE-2004-0905
CVE Name	CVE-2004-0908
CVE Name	CVE-2004-0909
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=250862
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=253942
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=257523

mozilla -- scripting vulnerabilities