Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1157

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1157
Last Modified 21 Aug 2010 12:27:58
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1157

Summary

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla 1.7.6

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Netscape Navigator 7.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=290037

XF - mozilla-plugin-xss(20125)

BID - 13211

REDHAT - RHSA-2005:386

REDHAT - RHSA-2005:383

SECUNIA - 14996

SECUNIA - 14992

SECUNIA - 14938

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-38.html

MISC - http://www.mikx.de/firesearching/

BID - 15495

REDHAT - RHSA-2005:384

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:40:04