Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1532

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1532
Last Modified 07 Mar 2011 09:22:09
Published 12 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1532

Summary

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla 1.7.6

  • Mozilla 1.7.7

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3


References

VUPEN - ADV-2005-0530

BID - 15495

BID - 13645

REDHAT - RHSA-2005:601

REDHAT - RHSA-2005:435

REDHAT - RHSA-2005:434

SUSE - SUSE-SA:2006:004

SUSE - SUSE-SA:2006:022

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-44.html

SECTRACK - 1013965

SECTRACK - 1013964

SECUNIA - 19823

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:40:12