ID CVE-2005-1477
Summary The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
References
Vulnerable Configurations
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
CVSS
Base: 5.1 (as of 10-05-2005 - 00:00)
Impact:
Exploitability:
Access
    Vector NETWORK
    Complexity HIGH
    Authentication NONE
Impact
    Confidentiality PARTIAL
    Integrity PARTIAL
    Availability PARTIAL
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_104.NASL
    description The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 18243
    published 2005-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18243
    title Firefox < 1.0.4 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_ECA6195AC23311D9804C02061B08FC24.NASL
    description A Mozilla Foundation Security Advisory reports : Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. - The problem is that 'IFRAME' JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site. - Input passed to the 'IconURL' parameter in 'InstallTrigger.install()' is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL. Successful exploitation requires that the site is allowed to install software (default sites are 'update.mozilla.org' and 'addons.mozilla.org'). A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19155
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19155
    title FreeBSD : mozilla -- code execution via javascript: IconURL vulnerability (eca6195a-c233-11d9-804c-02061b08fc24)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-435.NASL
    description Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 18388
    published 2005-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18388
    title RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-434.NASL
    description Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 18387
    published 2005-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18387
    title RHEL 4 : firefox (RHSA-2005:434)
  • NASL family Windows
    NASL id MOZILLA_178.NASL
    description The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 18244
    published 2005-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18244
    title Mozilla Browser < 1.7.8 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200505-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200505-11 (Mozilla Suite, Mozilla Firefox: Remote compromise) The Mozilla Suite and Firefox do not properly protect 'IFRAME' JavaScript URLs from being executed in context of another URL in the history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail to verify the 'IconURL' parameter of the 'InstallTrigger.install()' function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43). Impact : A malicious remote attacker could use the 'IFRAME' issue to execute arbitrary JavaScript code within the context of another website, allowing to steal cookies or other sensitive data. By supplying a javascript: URL as the 'IconURL' parameter of the 'InstallTrigger.Install()' function, a remote attacker could also execute arbitrary JavaScript code. Combining both vulnerabilities with a website which is allowed to install software or wrapping javascript: URLs within the view-source: or jar: pseudo-protocols could possibly lead to the execution of arbitrary code with user privileges. Workaround : Affected systems can be protected by disabling JavaScript. However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade to the latest available version.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 18270
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18270
    title GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-435.NASL
    description Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21827
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21827
    title CentOS 3 / 4 : mozilla (CESA-2005:435)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-434.NASL
    description Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21939
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21939
    title CentOS 4 : firefox (CESA-2005:434)
oval via4
  • accepted 2007-03-21T16:16:19.069-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Daniel Tarnu
      organization GFI Software
    description The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
    family windows
    id oval:org.mitre.oval:def:100001
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
    version 4
  • accepted 2013-04-29T04:18:31.566-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
    family unix
    id oval:org.mitre.oval:def:9231
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
    version 24
redhat via4
advisories
  • rhsa
    id RHSA-2005:434
  • rhsa
    id RHSA-2005:435
refmap via4
bid
  • 13544
  • 15495
cert-vn VU#648758
confirm http://www.mozilla.org/security/announce/mfsa2005-42.html
fulldisc
  • 20050508 Firefox Remote Compromise Leaked
  • 20050508 Firefox Remote Compromise Technical Details
misc
sco SCOSA-2005.49
sectrack 1013913
secunia 15292
vupen ADV-2005-0493
xf mozilla-javascript-code-execution(20443)
Last major update 17-10-2016 - 23:19
Published 09-05-2005 - 00:00
Last modified 10-10-2017 - 21:30