ID CVE-2005-2267
Summary Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-05-09T16:10:28.528-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
    family windows
    id oval:org.mitre.oval:def:100006
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Firefox External App Code Acceptance Vulnerability
    version 7
  • accepted 2013-04-08T04:00:05.418-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    description Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
    family unix
    id oval:org.mitre.oval:def:1073
    status accepted
    submitted 2005-08-15T04:00:00.000-04:00
    title RHE4 Firefox External App Code Acceptance Vulnerability
    version 8
  • accepted 2013-04-29T04:13:19.491-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
    family unix
    id oval:org.mitre.oval:def:11334
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
    version 24
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
    family unix
    id oval:org.mitre.oval:def:1172
    status accepted
    submitted 2005-08-15T04:00:00.000-04:00
    title RHE3 Firefox External App Code Acceptance Vulnerability
    version 4
redhat via4
advisories
  • rhsa
    id RHSA-2005:586
  • rhsa
    id RHSA-2005:587
refmap via4
bid 14242
ciac P-252
confirm http://www.mozilla.org/security/announce/mfsa2005-53.html
fedora FLSA:160202
misc https://bugzilla.mozilla.org/show_bug.cgi?id=298255
sectrack 1014469
secunia 16043
suse
  • SUSE-SA:2005:045
  • SUSE-SR:2005:018
vupen ADV-2005-1075
Last major update 11-10-2017 - 01:30
Published 13-07-2005 - 04:00
Back to Top