Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3089

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2005-3089
Last Modified 21 Aug 2010 12:33:07
Published 28 Sep 2005 02:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3089

Summary

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6


References

XF - mozillafirefox-proxy-dos(22371)

BID - 14924

MISC - http://www.mozilla.org/products/firefox/releases/1.0.7.html

SECTRACK - 1014949

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=302100

OSVDB - 19615

FEDORA - FLSA-2006:168375

SECUNIA - 16977


Last Updated: 27 May 2016 10:40:48