CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.954 High (Percentile: 99.2%)

Mozilla Firefox is an open source Web browser.

A buffer overflow bug was found in the way Firefox processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If a
user can be tricked into bookmarking a malicious web page into the sidebar
panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.s390x.rpm |
RedHat | any | i386 | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.i386.rpm |
RedHat | any | src | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.src.rpm |
RedHat | any | ppc | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.ppc.rpm |
RedHat | any | s390 | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.s390.rpm |
RedHat | any | x86_64 | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.x86_64.rpm |
RedHat | any | ia64 | firefox | < 1.0.2-1.4.1 | firefox-1.0.2-1.4.1.ia64.rpm |
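
The table's `< 1.0.2-1.4.1` condition cannot be checked with plain string comparison, so the following added example (not part of the advisory or of any Red Hat tooling) applies rpm-style segment comparison to a host inventory. The host names and installed versions are constructed, and the package epoch, which the table does not show, is assumed equal on both sides.

```python
import re

# Fixed version-release from the advisory's package table.
FIXED_VR = "1.0.2-1.4.1"

def _segments(label):
    # rpm compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", label)

def label_cmp(a, b):
    """Compare two version (or release) strings; returns -1, 0 or 1.
    Follows rpm's segment rules, without '~' and '^' handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 2, unlike string order
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    ver_a, _, rel_a = a.partition("-")
    ver_b, _, rel_b = b.partition("-")
    return label_cmp(ver_a, ver_b) or label_cmp(rel_a, rel_b)

def is_affected(installed_vr):
    """True when the installed firefox is older than the fixed package."""
    return vr_cmp(installed_vr, FIXED_VR) < 0

# Constructed inventory (hypothetical hosts); values in the form printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox
INVENTORY = {
    "ws-01": "1.0.1-1.4.3",       # older version
    "ws-02": "1.0.2-1.4.1",       # exactly the fixed package
    "build-02": "1.0.2-1.3.9",    # same version, older release
    "lab-03": "1.0.10-1",         # newer: 10 > 2 numerically
    "lab-04": "1.0.2-1.4.1.1",    # newer: extra release segment
}

def hosts_to_upgrade(inventory):
    return sorted(h for h, vr in inventory.items() if is_affected(vr))

if __name__ == "__main__":
    for host in hosts_to_upgrade(INVENTORY):
        print(f"{host}: firefox {INVENTORY[host]} < {FIXED_VR}, upgrade")
```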