5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.954 High
EPSS
Percentile
99.2%
Added: 06/09/2006
CVE: CVE-2005-0399
BID: 12881
OSVDB: 14937
Mozilla is a suite of Internet client products available for multiple platforms.
A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a user visits a malicious web site.
Upgrade to Firefox 1.0.2 or higher.
<http://www.mozilla.org/security/announce/2005/mfsa2005-30.html>
Exploit works on Firefox 1.0.1. In order for exploitation to succeed, a user must load the exploit page in a vulnerable browser.
Windows 2000
Windows XP