fkie_nvd - fkie_cve-2005-1532

fkie_cve-2005-1532

Vulnerability from fkie_nvd

Published

2005-05-12 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

References

	URL	Tags
	secalert@redhat.com	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
	secalert@redhat.com	http://secunia.com/advisories/19823
	secalert@redhat.com	http://securitytracker.com/id?1013964
	secalert@redhat.com	http://securitytracker.com/id?1013965
	secalert@redhat.com	http://www.mozilla.org/security/announce/mfsa2005-44.html
	secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_04_25.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2005-434.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2005-435.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2005-601.html
	secalert@redhat.com	http://www.securityfocus.com/bid/13645
	secalert@redhat.com	http://www.securityfocus.com/bid/15495
	secalert@redhat.com	http://www.vupen.com/english/advisories/2005/0530
	secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
	secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
	af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19823
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013964
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1013965
	af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/mfsa2005-44.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_04_25.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-434.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-435.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-601.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13645
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15495
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/0530
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791

Impacted products

Vendor	Product	Version
mozilla	firefox	0.8
mozilla	firefox	0.9
mozilla	firefox	0.9
mozilla	firefox	0.9.1
mozilla	firefox	0.9.2
mozilla	firefox	0.9.3
mozilla	firefox	0.10
mozilla	firefox	0.10.1
mozilla	firefox	1.0
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	mozilla	1.3
mozilla	mozilla	1.4
mozilla	mozilla	1.4
mozilla	mozilla	1.4.1
mozilla	mozilla	1.5
mozilla	mozilla	1.5
mozilla	mozilla	1.5
mozilla	mozilla	1.5
mozilla	mozilla	1.5.1
mozilla	mozilla	1.6
mozilla	mozilla	1.6
mozilla	mozilla	1.6
mozilla	mozilla	1.7
mozilla	mozilla	1.7
mozilla	mozilla	1.7
mozilla	mozilla	1.7
mozilla	mozilla	1.7
mozilla	mozilla	1.7
mozilla	mozilla	1.7.1
mozilla	mozilla	1.7.2
mozilla	mozilla	1.7.3
mozilla	mozilla	1.7.5
mozilla	mozilla	1.7.6
mozilla	mozilla	1.7.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D093FD25-94C8-49B8-A452-438023BFB105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via \"non-DOM property overrides,\" a variant of CVE-2005-1160."
    }
  ],
  "id": "CVE-2005-1532",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-12T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1013964"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1013965"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/mfsa2005-44.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-434.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-435.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/13645"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2005/0530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1013964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1013965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/mfsa2005-44.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-434.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-435.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2005-1532 (GCVE-0-2005-1532)

Vulnerability from cvelistv5