Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:13870
[Rus]
Version
1
Class
patch
ALTXid
138813
Language
English
Severity
NotAvailable
Title
USN-149-3 -- Ubuntu 4.10 update for Firefox vulnerabilities
Description
USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
(Warty Warthog) is also vulnerable to these flaws, so it needs to be
upgraded as well.
Family
unix
Platform
Ubuntu 4.10
Product
mozilla-firefox
mozilla-firefox-locale-es
mozilla-firefox-locale-ja
mozilla-firefox-locale-nb
mozilla-firefox-locale-uk
mozilla-firefox-locale-de
mozilla-firefox-locale-ca
mozilla-firefox-locale-it
mozilla-firefox-locale-tr
mozilla-firefox-locale-fr
mozilla-firefox-locale-pl
Reference
VENDOR: USN-149-3
VENDOR: USN-149-3
Id:
USN-149-3
Reference:
http://www.ubuntu.com/usn/usn-149-3/
CVE: CVE-2004-1156
CVE: CVE-2004-1156
Id:
CVE-2004-1156
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1156
Comment
: Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
13129 (SECUNIA)
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ (MISC)
http://secunia.com/secunia_research/2004-13/advisory/ (MISC)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-13.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
oval:org.mitre.oval:def:100045 (OVAL)
oval:org.mitre.oval:def:10117 (OVAL)
CVE: CVE-2004-1381
CVE: CVE-2004-1381
Id:
CVE-2004-1381
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1381
Comment
: Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
12712 (SECUNIA)
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ (MISC)
http://secunia.com/multiple_browsers_form_field_focus_test/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-05.html (CONFIRM)
web-browser-inactive-info-disclosure(17789) (XF)
oval:org.mitre.oval:def:100053 (OVAL)
CVE: CVE-2005-0141
CVE: CVE-2005-0141
Id:
CVE-2005-0141
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0141
Comment
: Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-01.html (CONFIRM)
RHSA-2005:323 (REDHAT)
RHSA-2005:335 (REDHAT)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=249332 (CONFIRM)
mozilla-firefox-file-upload(19168) (XF)
oval:org.mitre.oval:def:100057 (OVAL)
oval:org.mitre.oval:def:10756 (OVAL)
CVE: CVE-2005-0142
CVE: CVE-2005-0142
Id:
CVE-2005-0142
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0142
Comment
: Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
19823 (SECUNIA)
http://www.mozilla.org/security/announce/mfsa2005-02.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:335 (REDHAT)
RHSA-2005:384 (REDHAT)
https://bugzilla.mozilla.org/show_bug.cgi?id=251297 (CONFIRM)
mozilla-world-readable(17832) (XF)
oval:org.mitre.oval:def:100056 (OVAL)
oval:org.mitre.oval:def:9543 (OVAL)
CVE: CVE-2005-0143
CVE: CVE-2005-0143
Id:
CVE-2005-0143
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0143
Comment
: Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-03.html (CONFIRM)
RHSA-2005:335 (REDHAT)
RHSA-2005:384 (REDHAT)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=257308 (CONFIRM)
mozilla-ssl-spoofing(19166) (XF)
oval:org.mitre.oval:def:100055 (OVAL)
oval:org.mitre.oval:def:11297 (OVAL)
CVE: CVE-2005-0144
CVE: CVE-2005-0144
Id:
CVE-2005-0144
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0144
Comment
: Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-04.html (CONFIRM)
RHSA-2005:323 (REDHAT)
RHSA-2005:335 (REDHAT)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=262689 (CONFIRM)
mozilla-ssl-view-source-spoofing(19169) (XF)
oval:org.mitre.oval:def:100054 (OVAL)
oval:org.mitre.oval:def:11016 (OVAL)
CVE: CVE-2005-0145
CVE: CVE-2005-0145
Id:
CVE-2005-0145
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0145
Comment
: Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-07.html (CONFIRM)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=265176 (CONFIRM)
mozilla-script-click-event-bypass(19170) (XF)
oval:org.mitre.oval:def:100051 (OVAL)
CVE: CVE-2005-0146
CVE: CVE-2005-0146
Id:
CVE-2005-0146
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0146
Comment
: Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-08.html (CONFIRM)
RHSA-2005:335 (REDHAT)
RHSA-2005:384 (REDHAT)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=265728 (CONFIRM)
mozilla-middle-click-information-disclosure(19171) (XF)
oval:org.mitre.oval:def:10362 (OVAL)
CVE: CVE-2005-0147
CVE: CVE-2005-0147
Id:
CVE-2005-0147
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0147
Comment
: Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-09.html (CONFIRM)
RHSA-2005:323 (REDHAT)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=267263 (CONFIRM)
mozilla-407-proxy-obtain-information(19174) (XF)
oval:org.mitre.oval:def:100049 (OVAL)
oval:org.mitre.oval:def:9578 (OVAL)
CVE: CVE-2005-0150
CVE: CVE-2005-0150
Id:
CVE-2005-0150
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0150
Comment
: Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
http://www.mozilla.org/security/announce/mfsa2005-12.html (CONFIRM)
12407 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=265668 (CONFIRM)
mozilla-firefox-livefeed-xss(19187) (XF)
oval:org.mitre.oval:def:100046 (OVAL)
CVE: CVE-2005-0230
CVE: CVE-2005-0230
Id:
CVE-2005-0230
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0230
Comment
: Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
20050207 Firedragging [Firefox 1.0] (BUGTRAQ)
19823 (SECUNIA)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mikx.de/firedragging/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-25.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
12468 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=279945 (CONFIRM)
oval:org.mitre.oval:def:100033 (OVAL)
CVE: CVE-2005-0231
CVE: CVE-2005-0231
Id:
CVE-2005-0231
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0231
Comment
: Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
20050207 Firetabbing [Firefox 1.0] (BUGTRAQ)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mikx.de/firetabbing/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-26.html (CONFIRM)
SUSE-SA:2005:016 (SUSE)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
https://bugzilla.mozilla.org/show_bug.cgi?id=280056 (CONFIRM)
mozilla-firefox-tab-gain-access(19264) (XF)
oval:org.mitre.oval:def:100032 (OVAL)
oval:org.mitre.oval:def:10079 (OVAL)
CVE: CVE-2005-0232
CVE: CVE-2005-0232
Id:
CVE-2005-0232
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0232
Comment
: Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
20050207 Fireflashing [Firefox 1.0] (BUGTRAQ)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mikx.de/fireflashing/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-27.html (CONFIRM)
SUSE-SA:2005:016 (SUSE)
RHSA-2005:176 (REDHAT)
RHSA-2005:323 (REDHAT)
RHSA-2005:384 (REDHAT)
https://bugzilla.mozilla.org/show_bug.cgi?id=280664 (CONFIRM)
mozilla-firefox-aboutconfig-modify(19266) (XF)
oval:org.mitre.oval:def:10967 (OVAL)
CVE: CVE-2005-0233
CVE: CVE-2005-0233
Id:
CVE-2005-0233
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233
Comment
: The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
20050206 state of homograph attacks (FULLDISC)
http://www.shmoo.com/idn (MISC)
http://www.shmoo.com/idn/homograph.txt (MISC)
http://www.mozilla.org/security/announce/mfsa2005-29.html (CONFIRM)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
SUSE-SA:2005:016 (SUSE)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12461 (BID)
20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. (BUGTRAQ)
multiple-browsers-idn-spoof(19236) (XF)
oval:org.mitre.oval:def:11229 (OVAL)
oval:org.mitre.oval:def:100029 (OVAL)
CVE: CVE-2005-0255
CVE: CVE-2005-0255
Id:
CVE-2005-0255
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0255
Comment
: String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
19823 (SECUNIA)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error (IDEFENSE)
http://www.mozilla.org/security/announce/mfsa2005-18.html (CONFIRM)
SUSE-SA:2005:016 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:176 (REDHAT)
RHSA-2005:277 (REDHAT)
RHSA-2005:337 (REDHAT)
12659 (BID)
oval:org.mitre.oval:def:100040 (OVAL)
oval:org.mitre.oval:def:9111 (OVAL)
CVE: CVE-2005-0399
CVE: CVE-2005-0399
Id:
CVE-2005-0399
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
Comment
: Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14654 (SECUNIA)
19823 (SECUNIA)
P-160 (CIAC)
GLSA-200503-30 (GENTOO)
VU#557948 (CERT-VN)
http://www.mozilla.org/security/announce/mfsa2005-30.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:323 (REDHAT)
RHSA-2005:335 (REDHAT)
RHSA-2005:336 (REDHAT)
RHSA-2005:337 (REDHAT)
12881 (BID)
15495 (BID)
ADV-2005-0296 (VUPEN)
20050323 Mozilla Foundation GIF Overflow (ISS)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 (MISC)
gif-extension-overflow(19269) (XF)
oval:org.mitre.oval:def:100028 (OVAL)
oval:org.mitre.oval:def:11377 (OVAL)
CVE: CVE-2005-0401
CVE: CVE-2005-0401
Id:
CVE-2005-0401
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0401
Comment
: FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
20050324 Firescrolling 2 [Firefox 1.0.1] (BUGTRAQ)
http://mikx.de/firescrolling2/ (MISC)
14654 (SECUNIA)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-32.html (CONFIRM)
RHSA-2005:335 (REDHAT)
RHSA-2005:336 (REDHAT)
RHSA-2005:384 (REDHAT)
12885 (BID)
ADV-2005-0296 (VUPEN)
oval:org.mitre.oval:def:100026 (OVAL)
oval:org.mitre.oval:def:9650 (OVAL)
CVE: CVE-2005-0402
CVE: CVE-2005-0402
Id:
CVE-2005-0402
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0402
Comment
: Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
14654 (SECUNIA)
http://www.mozilla.org/security/announce/mfsa2005-31.html (CONFIRM)
RHSA-2005:336 (REDHAT)
ADV-2005-0296 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=284627 (MISC)
oval:org.mitre.oval:def:100027 (OVAL)
oval:org.mitre.oval:def:11868 (OVAL)
CVE: CVE-2005-0578
CVE: CVE-2005-0578
Id:
CVE-2005-0578
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0578
Comment
: Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-28.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12659 (BID)
oval:org.mitre.oval:def:10954 (OVAL)
CVE: CVE-2005-0584
CVE: CVE-2005-0584
Id:
CVE-2005-0584
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0584
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-24.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
https://bugzilla.mozilla.org/show_bug.cgi?id=277574 (CONFIRM)
oval:org.mitre.oval:def:100034 (OVAL)
oval:org.mitre.oval:def:11191 (OVAL)
CVE: CVE-2005-0585
CVE: CVE-2005-0585
Id:
CVE-2005-0585
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
13599 (SECUNIA)
http://secunia.com/secunia_research/2004-15/advisory/ (MISC)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-23.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
oval:org.mitre.oval:def:100035 (OVAL)
oval:org.mitre.oval:def:9924 (OVAL)
CVE: CVE-2005-0586
CVE: CVE-2005-0586
Id:
CVE-2005-0586
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0586
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
13258 (SECUNIA)
GLSA-200503-10 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-22.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12659 (BID)
oval:org.mitre.oval:def:100036 (OVAL)
oval:org.mitre.oval:def:11152 (OVAL)
CVE: CVE-2005-0587
CVE: CVE-2005-0587
Id:
CVE-2005-0587
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
59 (Improper Link Resolution Before File Access ('Link Following'))
References:
http://www.mozilla.org/security/announce/mfsa2005-21.html (CONFIRM)
19823 (SECUNIA)
12659 (BID)
SUSE-SA:2006:004 (SUSE)
oval:org.mitre.oval:def:100037 (OVAL)
CVE: CVE-2005-0588
CVE: CVE-2005-0588
Id:
CVE-2005-0588
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0588
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-20.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12659 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=271209 (CONFIRM)
oval:org.mitre.oval:def:100038 (OVAL)
oval:org.mitre.oval:def:10682 (OVAL)
CVE: CVE-2005-0589
CVE: CVE-2005-0589
Id:
CVE-2005-0589
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0589
Comment
: The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
GLSA-200503-10 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-19.html (CONFIRM)
RHSA-2005:176 (REDHAT)
12659 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=270697 (CONFIRM)
oval:org.mitre.oval:def:100039 (OVAL)
oval:org.mitre.oval:def:10825 (OVAL)
CVE: CVE-2005-0590
CVE: CVE-2005-0590
Id:
CVE-2005-0590
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590
Comment
: The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
19823 (SECUNIA)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-17.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12659 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=268059 (CONFIRM)
oval:org.mitre.oval:def:100041 (OVAL)
oval:org.mitre.oval:def:10010 (OVAL)
CVE: CVE-2005-0591
CVE: CVE-2005-0591
Id:
CVE-2005-0591
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0591
Comment
: Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
20050111 Firespoofing [Firefox 1.0] (BUGTRAQ)
13786 (SECUNIA)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mikx.de/firespoofing/ (MISC)
http://www.mikx.de/index.php?p=7 (MISC)
http://www.mozilla.org/security/announce/mfsa2005-16.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12234 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=260560 (CONFIRM)
web-browser-modal-spoofing(18864) (XF)
oval:org.mitre.oval:def:100042 (OVAL)
oval:org.mitre.oval:def:10039 (OVAL)
CVE: CVE-2005-0592
CVE: CVE-2005-0592
Id:
CVE-2005-0592
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0592
Comment
: Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
19823 (SECUNIA)
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-15.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:176 (REDHAT)
12659 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=241440 (CONFIRM)
oval:org.mitre.oval:def:100043 (OVAL)
oval:org.mitre.oval:def:10606 (OVAL)
CVE: CVE-2005-0593
CVE: CVE-2005-0593
Id:
CVE-2005-0593
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593
Comment
: Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
GLSA-200503-10 (GENTOO)
GLSA-200503-30 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-14.html (CONFIRM)
RHSA-2005:176 (REDHAT)
RHSA-2005:384 (REDHAT)
12659 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=258048 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=268483 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=276720 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=277564 (CONFIRM)
oval:org.mitre.oval:def:100044 (OVAL)
oval:org.mitre.oval:def:9533 (OVAL)
CVE: CVE-2005-0752
CVE: CVE-2005-0752
Id:
CVE-2005-0752
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0752
Comment
: The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
14938 (SECUNIA)
http://www.mozilla.org/security/announce/mfsa2005-34.html (CONFIRM)
RHSA-2005:383 (REDHAT)
13228 (BID)
oval:org.mitre.oval:def:100024 (OVAL)
oval:org.mitre.oval:def:10279 (OVAL)
CVE: CVE-2005-0989
CVE: CVE-2005-0989
Id:
CVE-2005-0989
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
Comment
: The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
SCOSA-2005.49 (SCO)
14820 (SECUNIA)
14821 (SECUNIA)
19823 (SECUNIA)
1013635 (SECTRACK)
1013643 (SECTRACK)
GLSA-200504-18 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-33.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
RHSA-2005:601 (REDHAT)
12988 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=288688 (CONFIRM)
oval:org.mitre.oval:def:100025 (OVAL)
oval:org.mitre.oval:def:11706 (OVAL)
CVE: CVE-2005-1153
CVE: CVE-2005-1153
Id:
CVE-2005-1153
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153
Comment
: Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
GLSA-200504-18 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-35.html (CONFIRM)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=289204 (CONFIRM)
oval:org.mitre.oval:def:100023 (OVAL)
oval:org.mitre.oval:def:9584 (OVAL)
CVE: CVE-2005-1154
CVE: CVE-2005-1154
Id:
CVE-2005-1154
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154
Comment
: Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
GLSA-200504-18 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-36.html (CONFIRM)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
13230 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=289675 (CONFIRM)
oval:org.mitre.oval:def:100022 (OVAL)
oval:org.mitre.oval:def:10339 (OVAL)
CVE: CVE-2005-1155
CVE: CVE-2005-1155
Id:
CVE-2005-1155
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155
Comment
: The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
GLSA-200504-18 (GENTOO)
VU#973309 (CERT-VN)
http://www.mikx.de/firelinking/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-37.html (CONFIRM)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
13216 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=290036 (CONFIRM)
oval:org.mitre.oval:def:100021 (OVAL)
oval:org.mitre.oval:def:10655 (OVAL)
CVE: CVE-2005-1156
CVE: CVE-2005-1156
Id:
CVE-2005-1156
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156
Comment
: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
14996 (SECUNIA)
1013745 (SECTRACK)
GLSA-200504-18 (GENTOO)
http://www.mikx.de/firesearching/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-38.html (CONFIRM)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
13211 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=290037 (CONFIRM)
mozilla-plugin-xss(20125) (XF)
oval:org.mitre.oval:def:100020 (OVAL)
oval:org.mitre.oval:def:11230 (OVAL)
CVE: CVE-2005-1157
CVE: CVE-2005-1157
Id:
CVE-2005-1157
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157
Comment
: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
14996 (SECUNIA)
http://www.mikx.de/firesearching/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-38.html (CONFIRM)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
13211 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=290037 (CONFIRM)
mozilla-plugin-xss(20125) (XF)
oval:org.mitre.oval:def:9961 (OVAL)
CVE: CVE-2005-1158
CVE: CVE-2005-1158
Id:
CVE-2005-1158
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1158
Comment
: Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
14938 (SECUNIA)
http://www.mozilla.org/security/announce/mfsa2005-39.html (CONFIRM)
RHSA-2005:383 (REDHAT)
13231 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=290079 (CONFIRM)
oval:org.mitre.oval:def:100019 (OVAL)
oval:org.mitre.oval:def:11734 (OVAL)
CVE: CVE-2005-1159
CVE: CVE-2005-1159
Id:
CVE-2005-1159
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
Comment
: The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
19823 (SECUNIA)
1013742 (SECTRACK)
1013743 (SECTRACK)
GLSA-200504-18 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-40.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
RHSA-2005:601 (REDHAT)
13232 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=290162 (CONFIRM)
mozilla-installtrigger-command-execution(20123) (XF)
oval:org.mitre.oval:def:100018 (OVAL)
oval:org.mitre.oval:def:10629 (OVAL)
CVE: CVE-2005-1160
CVE: CVE-2005-1160
Id:
CVE-2005-1160
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
Comment
: The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
14938 (SECUNIA)
14992 (SECUNIA)
19823 (SECUNIA)
GLSA-200504-18 (GENTOO)
http://www.mozilla.org/security/announce/mfsa2005-41.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:383 (REDHAT)
RHSA-2005:384 (REDHAT)
RHSA-2005:386 (REDHAT)
RHSA-2005:601 (REDHAT)
13233 (BID)
15495 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=289074 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=289083 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=289961 (CONFIRM)
oval:org.mitre.oval:def:100017 (OVAL)
oval:org.mitre.oval:def:11291 (OVAL)
CVE: CVE-2005-1531
CVE: CVE-2005-1531
Id:
CVE-2005-1531
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531
Comment
: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2005.49 (SCO)
1013962 (SECTRACK)
1013963 (SECTRACK)
http://www.mozilla.org/security/announce/mfsa2005-43.html (CONFIRM)
RHSA-2005:434 (REDHAT)
RHSA-2005:435 (REDHAT)
13641 (BID)
15495 (BID)
ADV-2005-0530 (VUPEN)
oval:org.mitre.oval:def:100015 (OVAL)
oval:org.mitre.oval:def:10351 (OVAL)
CVE: CVE-2005-1532
CVE: CVE-2005-1532
Id:
CVE-2005-1532
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
Comment
: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
SCOSA-2005.49 (SCO)
19823 (SECUNIA)
1013964 (SECTRACK)
1013965 (SECTRACK)
http://www.mozilla.org/security/announce/mfsa2005-44.html (CONFIRM)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:434 (REDHAT)
RHSA-2005:435 (REDHAT)
RHSA-2005:601 (REDHAT)
13645 (BID)
15495 (BID)
ADV-2005-0530 (VUPEN)
oval:org.mitre.oval:def:100014 (OVAL)
oval:org.mitre.oval:def:10791 (OVAL)
CVE: CVE-2005-1937
CVE: CVE-2005-1937
Id:
CVE-2005-1937
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1937
Comment
: A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
15601 (SECUNIA)
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ (MISC)
101952 (SUNALERT)
DSA-777 (DEBIAN)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-51.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=296850 (CONFIRM)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100007 (OVAL)
oval:org.mitre.oval:def:10633 (OVAL)
oval:org.mitre.oval:def:637 (OVAL)
oval:org.mitre.oval:def:759 (OVAL)
CVE: CVE-2005-2260
CVE: CVE-2005-2260
Id:
CVE-2005-2260
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260
Comment
: The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://bugzilla.mozilla.org/show_bug.cgi?id=289940 (MISC)
16043 (SECUNIA)
16044 (SECUNIA)
16059 (SECUNIA)
P-252 (CIAC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-45.html (CONFIRM)
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html (MISC)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100013 (OVAL)
oval:org.mitre.oval:def:10132 (OVAL)
oval:org.mitre.oval:def:1226 (OVAL)
oval:org.mitre.oval:def:742 (OVAL)
CVE: CVE-2005-2261
CVE: CVE-2005-2261
Id:
CVE-2005-2261
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2261
Comment
: Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16044 (SECUNIA)
16059 (SECUNIA)
19823 (SECUNIA)
P-252 (CIAC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-46.html (CONFIRM)
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html (MISC)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
RHSA-2005:601 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=292589 (MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=292591 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100012 (OVAL)
oval:org.mitre.oval:def:10947 (OVAL)
oval:org.mitre.oval:def:1348 (OVAL)
oval:org.mitre.oval:def:808 (OVAL)
CVE: CVE-2005-2262
CVE: CVE-2005-2262
Id:
CVE-2005-2262
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2262
Comment
: Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16044 (SECUNIA)
P-252 (CIAC)
http://www.mikx.de/firewalling/ (MISC)
http://www.mozilla.org/security/announce/mfsa2005-47.html (CONFIRM)
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html (MISC)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
http://www.securiteam.com/securitynews/5ZP0E0UGAK.html (MISC)
14242 (BID)
ADV-2005-1075 (VUPEN)
oval:org.mitre.oval:def:100011 (OVAL)
oval:org.mitre.oval:def:11097 (OVAL)
CVE: CVE-2005-2263
CVE: CVE-2005-2263
Id:
CVE-2005-2263
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263
Comment
: The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16059 (SECUNIA)
P-252 (CIAC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-48.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=293331 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100010 (OVAL)
oval:org.mitre.oval:def:100016 (OVAL)
oval:org.mitre.oval:def:11629 (OVAL)
oval:org.mitre.oval:def:1281 (OVAL)
oval:org.mitre.oval:def:1311 (OVAL)
CVE: CVE-2005-2264
CVE: CVE-2005-2264
Id:
CVE-2005-2264
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2264
Comment
: Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
P-252 (CIAC)
http://www.mozilla.org/security/announce/mfsa2005-49.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=294074 (MISC)
oval:org.mitre.oval:def:100009 (OVAL)
oval:org.mitre.oval:def:9887 (OVAL)
CVE: CVE-2005-2265
CVE: CVE-2005-2265
Id:
CVE-2005-2265
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265
Comment
: Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16044 (SECUNIA)
16059 (SECUNIA)
19823 (SECUNIA)
P-252 (CIAC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-50.html (CONFIRM)
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html (MISC)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
RHSA-2005:601 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=295854 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100008 (OVAL)
oval:org.mitre.oval:def:10397 (OVAL)
oval:org.mitre.oval:def:417 (OVAL)
oval:org.mitre.oval:def:781 (OVAL)
CVE: CVE-2005-2266
CVE: CVE-2005-2266
Id:
CVE-2005-2266
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2266
Comment
: Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
15549 (SECUNIA)
15551 (SECUNIA)
15553 (SECUNIA)
19823 (SECUNIA)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-52.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
RHSA-2005:601 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
FLSA:160202 (FEDORA)
mozilla-frame-topfocus-xss(21332) (XF)
oval:org.mitre.oval:def:100107 (OVAL)
oval:org.mitre.oval:def:10712 (OVAL)
oval:org.mitre.oval:def:1415 (OVAL)
oval:org.mitre.oval:def:773 (OVAL)
CVE: CVE-2005-2267
CVE: CVE-2005-2267
Id:
CVE-2005-2267
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2267
Comment
: Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
1014469 (SECTRACK)
P-252 (CIAC)
http://www.mozilla.org/security/announce/mfsa2005-53.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=298255 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100006 (OVAL)
oval:org.mitre.oval:def:1073 (OVAL)
oval:org.mitre.oval:def:11334 (OVAL)
oval:org.mitre.oval:def:1172 (OVAL)
CVE: CVE-2005-2268
CVE: CVE-2005-2268
Id:
CVE-2005-2268
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2268
Comment
: Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
15489 (SECUNIA)
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ (MISC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-54.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100005 (OVAL)
oval:org.mitre.oval:def:10517 (OVAL)
oval:org.mitre.oval:def:1268 (OVAL)
oval:org.mitre.oval:def:1313 (OVAL)
CVE: CVE-2005-2269
CVE: CVE-2005-2269
Id:
CVE-2005-2269
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2269
Comment
: Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16044 (SECUNIA)
16059 (SECUNIA)
19823 (SECUNIA)
P-252 (CIAC)
DSA-810 (DEBIAN)
http://www.mozilla.org/security/announce/mfsa2005-55.html (CONFIRM)
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html (MISC)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
RHSA-2005:601 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=298892 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100004 (OVAL)
oval:org.mitre.oval:def:100005 (OVAL)
oval:org.mitre.oval:def:100011 (OVAL)
oval:org.mitre.oval:def:1258 (OVAL)
oval:org.mitre.oval:def:729 (OVAL)
oval:org.mitre.oval:def:9777 (OVAL)
CVE: CVE-2005-2270
CVE: CVE-2005-2270
Id:
CVE-2005-2270
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2270
Comment
: Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
16043 (SECUNIA)
16059 (SECUNIA)
19823 (SECUNIA)
1014470 (SECTRACK)
P-252 (CIAC)
DSA-810 (DEBIAN)
VU#652366 (CERT-VN)
http://www.mozilla.org/security/announce/mfsa2005-56.html (CONFIRM)
SUSE-SR:2005:018 (SUSE)
SUSE-SA:2005:045 (SUSE)
SUSE-SA:2006:004 (SUSE)
RHSA-2005:586 (REDHAT)
RHSA-2005:587 (REDHAT)
RHSA-2005:601 (REDHAT)
14242 (BID)
ADV-2005-1075 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=294795 (MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=294799 (MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=295011 (MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=296397 (MISC)
FLSA:160202 (FEDORA)
oval:org.mitre.oval:def:100003 (OVAL)
oval:org.mitre.oval:def:11751 (OVAL)
oval:org.mitre.oval:def:550 (OVAL)
oval:org.mitre.oval:def:817 (OVAL)
Content available only for registered users!
ovaldb@altx-soft.com