Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1159

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1159
Last Modified 07 Mar 2011 09:21:10
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1159

Summary

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla 1.7.6

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=290162

XF - mozilla-installtrigger-command-execution(20123)

BID - 13232

REDHAT - RHSA-2005:386

REDHAT - RHSA-2005:383

GENTOO - GLSA-200504-18

SECTRACK - 1013743

SECTRACK - 1013742

SECUNIA - 14992

SECUNIA - 14938

SUSE - SUSE-SA:2006:004

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-40.html

BID - 15495

REDHAT - RHSA-2005:601

REDHAT - RHSA-2005:384

SUSE - SUSE-SA:2006:022

SECUNIA - 19823

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:40:04