Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2455

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2455
Last Modified 07 Mar 2011 09:24:30
Published 04 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2455

Summary

Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.

Vulnerable Systems

Application

  • Greasemonkey 0.3.3


References

XF - mozilla-greasemonkey-information-disclosure(21453)

BID - 14336

MISC - http://www.securiteam.com/securitynews/5CP0P20GBK.html

SECTRACK - 1014529

SECUNIA - 16128

CONFIRM - http://greasemonkey.mozdev.org/changes/0.3.5.html

CONFIRM - http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html

VUPEN - ADV-2005-1147

OSVDB - 18154

MLIST - [Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites


Last Updated: 27 May 2016 10:40:31