Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1476

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-1476
Last Modified 07 Mar 2011 09:22:02
Published 09 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-1476

Summary

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0.3


References

CERT-VN - VU#534710

SECUNIA - 15292

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=293302

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=292691

XF - mozilla-javascript-code-execution(20443)

VUPEN - ADV-2005-0493

BID - 13544

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-42.html

SECTRACK - 1013913

MISC - http://greyhatsecurity.org/vulntests/ffrc.htm

MISC - http://greyhatsecurity.org/firefox.htm

BID - 15495

REDHAT - RHSA-2005:435

REDHAT - RHSA-2005:434

FULLDISC - 20050508 Firefox Remote Compromise Technical Details

FULLDISC - 20050508 Firefox Remote Compromise Leaked

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:40:10