Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2005-1477 | First vendor Publication | 2005-05-09 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:100001 | |||
Oval ID: | oval:org.mitre.oval:def:100001 | ||
Title: | Install Function in Firefox and Mozilla Permits Arbitrary Code Execution | ||
Description: | The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1477 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Id: oval:org.mitre.oval:def:9231 | |||
Oval ID: | oval:org.mitre.oval:def:9231 | ||
Title: | The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | ||
Description: | The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1477 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-11 (mozilla) File : nvt/glsa_200505_11.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16186 | Multiple Browser IFRAME JavaScript URL XSS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox IconURL Arbitrary Javascript Execution attempt RuleID : 17424 - Revision : 14 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-434.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-435.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_eca6195ac23311d9804c02061b08fc24.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-434.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-435.nasl - Type : ACT_GATHER_INFO |
2005-05-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-11.nasl - Type : ACT_GATHER_INFO |
2005-05-12 | Name : A web browser installed on the remote host contains multiple vulnerabilities. File : mozilla_178.nasl - Type : ACT_GATHER_INFO |
2005-05-12 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_104.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:57 | |
2021-04-22 01:03:11 | |
2020-05-23 00:16:33 | |
2017-10-11 09:23:31 | |
2017-07-11 12:01:54 | |
2016-10-18 12:01:40 | |
2016-04-26 13:30:03 | |
2014-02-17 10:31:20 | |
2014-01-19 21:22:44 | |
2013-05-11 11:25:47 | |