CVE-2005-0231

Publication date 7 February 2005

Last updated 17 July 2025

Ubuntu priority

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
midbrowser	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
firefox	7.04 feisty	Fixed 2.0.0.6+1-0ubuntu1
	6.10 edgy	Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
	6.06 LTS dapper	Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-granparadiso	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
lightning-sunbird	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
mozilla	7.04 feisty	Not in release
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

References

Related Ubuntu Security Notices (USN)

USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities
28 July 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0231