CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 97.8%
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of JavaScript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via “non-DOM property overrides,” a variant of CVE-2005-1160.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 0.8 | cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* |
mozilla | firefox | 0.9.1 | cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.2 | cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.3 | cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* |
mozilla | firefox | 0.10 | cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* |
mozilla | firefox | 0.10.1 | cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.1 | cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* |
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secunia.com/advisories/19823
securitytracker.com/id?1013964
securitytracker.com/id?1013965
www.mozilla.org/security/announce/mfsa2005-44.html
www.novell.com/linux/security/advisories/2006_04_25.html
www.redhat.com/support/errata/RHSA-2005-434.html
www.redhat.com/support/errata/RHSA-2005-435.html
www.redhat.com/support/errata/RHSA-2005-601.html
www.securityfocus.com/bid/13645
www.securityfocus.com/bid/15495
www.vupen.com/english/advisories/2005/0530
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791