ID CVE-2005-0752
Summary The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
References
Vulnerable Configurations
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
CVSS
Base: 7.5 (as of 10-06-2005 - 12:14)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-383.NASL
    description Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0989 to this issue. Omar Khan discovered a bug in the way Firefox processes the PLUGINSPAGE tag. It is possible for a malicious web page to trick a user into pressing the 'manual install' button for an unknown plugin leading to arbitrary JavaScript code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0752 to this issue. Doron Rosenberg discovered a bug in the way Firefox displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1153 to this issue. A bug was found in the way Firefox handles the JavaScript global scope for a window. It is possible for a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of the site. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1154 to this issue. Michael Krax discovered a bug in the way Firefox handles favicon links. A malicious web page can programatically define a favicon link tag as JavaScript, executing arbitrary JavaScript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1155 to this issue. Michael Krax discovered a bug in the way Firefox installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1156 and CVE-2005-1157 to these issues. Kohei Yoshino discovered a bug in the way Firefox opens links in its sidebar. A malicious web page could construct a link in such a way that, when clicked on, could execute arbitrary JavaScript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1158 to this issue. A bug was found in the way Firefox validated several XPInstall related JavaScript objects. A malicious web page could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1159 to this issue. A bug was found in the way the Firefox privileged UI code handled DOM nodes from the content window. A malicious web page could install malicious JavaScript code or steal data requiring a user to do commonplace actions such as clicking a link or opening the context menu. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1160 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.3 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 18109
    published 2005-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18109
    title RHEL 4 : firefox (RHSA-2005:383)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-383.NASL
    description Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Vladimir V. Perepelitsa discovered a bug in the way Firefox handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0989 to this issue. Omar Khan discovered a bug in the way Firefox processes the PLUGINSPAGE tag. It is possible for a malicious web page to trick a user into pressing the 'manual install' button for an unknown plugin leading to arbitrary JavaScript code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0752 to this issue. Doron Rosenberg discovered a bug in the way Firefox displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1153 to this issue. A bug was found in the way Firefox handles the JavaScript global scope for a window. It is possible for a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of the site. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1154 to this issue. Michael Krax discovered a bug in the way Firefox handles favicon links. A malicious web page can programatically define a favicon link tag as JavaScript, executing arbitrary JavaScript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1155 to this issue. Michael Krax discovered a bug in the way Firefox installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1156 and CVE-2005-1157 to these issues. Kohei Yoshino discovered a bug in the way Firefox opens links in its sidebar. A malicious web page could construct a link in such a way that, when clicked on, could execute arbitrary JavaScript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1158 to this issue. A bug was found in the way Firefox validated several XPInstall related JavaScript objects. A malicious web page could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1159 to this issue. A bug was found in the way the Firefox privileged UI code handled DOM nodes from the content window. A malicious web page could install malicious JavaScript code or steal data requiring a user to do commonplace actions such as clicking a link or opening the context menu. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1160 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.3 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21929
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21929
    title CentOS 4 : Firefox (CESA-2005:383)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-088.NASL
    description A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release. The following issues have been fixed in both Mozilla Firefox and Mozilla Suite : - A flaw in the JavaScript regular expression handling could lead to a disclosure of browser memory, potentially exposing private data from web pages viewed, passwords, or similar data sent to other web pages. It could also crash the browser itself (CVE-2005-0989, MFSA 2005-33) - With manual Plugin install, it was possible for the Plugin to execute JavaScript code with the installing user's privileges (CVE-2005-0752 and MFSA 2005-34) - The popup for showing blocked JavaScript used the wrong privilege context which could be sued for privilege escalation (CVE-2005-1153 and MFSA 2005-35) - Cross-site scripting through global scope pollution could lead an attacker to being able to run code in foreign websites context, leading to the potential sniffing of information or performing actions in that context (CVE-2005-1154 and MFSA 2005-36) - Code execution through JavaScript via favicons ('firelinking') could be used for privilege escalation (CVE-2005-1155 and MFSA 2005-37) - Search plugin cross-site scripting ('firesearching') (CVE-2005-1156, CVE-2005-1157, and MFSA 2005-38) - Arbitrary code execution via the Firefox sidebar panel II (CVE-2005-1158 and MFSA 2005-39) - Missing Install object instance checks (CVE-2005-1159 and MFSA 2005-40) - Privilege escalation via DOM property overrides (CVE-2005-1160 and MFSA 2005-41) - Code execution via javacript: IconURL (MFSA 2005-42) - Security check bypass by wrapping a javascript: URL in the view-source: pseudo protocol (MFSA 2005-43) - Privilege escalation via non-DOM property overrides (MFSA 2005-44) In addition to the vulnerabilities previously noted, the following issues have been fixed in the Mozilla Suite 1.7.2 packages : - Bypass restriction on opening privileged XUL (CVE-2005-0401 and MSF 2005-32) - Arbitrary code execution via a GIF processing error when parsing obsolete Netscape extension 2 leading to an exploitable heap overrun (CVE-2005-0401 and MFSA 2005-32) - International Domain Name support could allow for characters that look similar to other english letters to be used in constructing nearly perfect phishing sites (MFSA 2005-29) - Predictable plugin temporary directory name (MFSA 2005-28) - Plugins can be used to load privileged content into a frame (CVE-2005-0527 and MFSA 2005-27) - Cross-site scripting attack via dropping javascript: links on a tab (MFSA 2005-26) - Image dragging-and-drop from a web page to the desktop preserve their original name and extension; if this were an executable extension then the file would be executed rather than opened in a media application (MFSA 2005-25) - HTTP authentication prompt tab spoofing (MFSA 2005-24) - Download dialog source can be disguised by using a host name long enough that most significant parts are truncated, allowing a malicious site to spoof the origin of the file (MFSA 2005-23) - Download dialog spoofing via supplied Content-Disposition header could allow for a file to look like a safe file (ie. a JPEG image) and when downloaded saved with an executable extension (MFSA 2005-22) - XSLT can include stylesheets from arbitrary hosts (MFSA 2005-20) - Memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth (MFSA 2005-18) - Install source spoofing with user:pass@host (MFSA 2005-17) - Spoofing download and security dialogs with overlapping windows (MFSA 2005-16) - It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data (MFSA 2005-15) - SSL 'secure site' indicator spoofing (MFSA 2005-14) - Mozilla mail clients responded to cookie requests accompanying content loaded over HTTP, ignoring the setting of the preference 'network.cookie.disableCookieForMailNews' which could be used to track people (MFSA 2005-11) - Browser responds to proxy authentication requests from non-proxy servers (SSL/HTTPS) (MFSA 2005-09) - Snythetic middle-click event can steal clipboard contents (MFSA 2005-08) - In windows with multiple tabs, malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up a prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to a background tab hoping to catch the user inputting something sensitive (MFSA 2005-05) - Secure site lock can be spoofed with 'view-source:' (MFSA 2005-04) - An insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear; the certificate information is that of the binary file's host and the location bar URL shows the original insecure page (MFSA 2005-03) - Temporary files are saved with world-readable permissions (MFSA 2005-02) - A vulnerability in the NNTP handling code could cause a heap overflow and execute arbitrary code on the client machine (isec-0020) - A number of other minor bugs were fixed as well. Mandriva recommends all users to upgrade to these packages immediately.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18277
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18277
    title Mandrake Linux Security Advisory : mozilla (MDKSA-2005:088)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CE6AC624AEC811D9A7880001020EED82.NASL
    description A Mozilla Foundation Security Advisory reports : When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain a 'manual install' button that will load the PLUGINSPAGE url. Omar Khan reported that if the PLUGINSPAGE attribute contains a javascript: url then pressing the button could launch arbitrary code capable of stealing local data or installing malicious code. Doron Rosenberg reported a variant that injects script by appending it to a malformed URL of any protocol.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19129
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19129
    title FreeBSD : firefox -- PLUGINSPAGE privileged javascript execution (ce6ac624-aec8-11d9-a788-0001020eed82)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-149-3.NASL
    description USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20546
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20546
    title Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_103.NASL
    description The remote version of this software contains various security issues that may allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 18064
    published 2005-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18064
    title Firefox < 1.0.3 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-296-2.NASL
    description USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN : Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27869
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27869
    title Ubuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-296-1.NASL
    description Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27868
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27868
    title Ubuntu 6.06 LTS : firefox vulnerabilities (USN-296-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-323-1.NASL
    description Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780) Masatoshi Kimura discovered a memory corruption (double-free) when processing a large VCard with invalid base64 characters in it. By sending a maliciously crafted set of VCards to a user, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-40, CVE-2006-2781) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Mozilla would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Mozilla and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27901
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27901
    title Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1)
oval via4
  • accepted 2007-05-09T16:10:36.639-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
    family windows
    id oval:org.mitre.oval:def:100024
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Mozilla PLUGINSPAGE Privileged Javascript Execution Vulnerability
    version 6
  • accepted 2013-04-29T04:04:15.725-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
    family unix
    id oval:org.mitre.oval:def:10279
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
    version 23
redhat via4
advisories
rhsa
id RHSA-2005:383
refmap via4
bid 13228
confirm http://www.mozilla.org/security/announce/mfsa2005-34.html
secunia 14938
Last major update 28-08-2013 - 00:40
Published 18-04-2005 - 00:00
Last modified 10-10-2017 - 21:30
Back to Top