Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0150

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0150
Last Modified 10 Sep 2008 03:35:03
Published 26 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0150

Summary

Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.

Vulnerable Systems

Application

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=265668

XF - mozilla-firefox-livefeed-xss(19187)

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-12.html

BID - 12407


Last Updated: 27 May 2016 10:39:42