Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2269

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2269
Last Modified 07 Mar 2011 09:24:00
Published 13 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2269

Summary

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla 1.7.6

  • Mozilla 1.7.7

  • Mozilla 1.7.8

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4


References

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-55.html

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=298892

VUPEN - ADV-2005-1075

SUSE - SUSE-SA:2006:004

FEDORA - FLSA:160202

BID - 14242

REDHAT - RHSA-2005:601

REDHAT - RHSA-2005:587

REDHAT - RHSA-2005:586

SUSE - SUSE-SA:2006:022

SUSE - SUSE-SA:2005:045

SUSE - SUSE-SR:2005:018

MISC - http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

DEBIAN - DSA-810

CIAC - P-252

SECUNIA - 19823

SECUNIA - 16059

SECUNIA - 16044

SECUNIA - 16043


Last Updated: 27 May 2016 10:40:28