Vulnerability Details CVE-2005-1157
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.2%
CVSS Severity
CVSS v2 Score 7.5
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/14938
- http://secunia.com/advisories/14992
- http://secunia.com/advisories/14996
- http://www.mikx.de/firesearching/
- http://www.mozilla.org/security/announce/mfsa2005-38.html
- http://www.redhat.com/support/errata/RHSA-2005-383.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.redhat.com/support/errata/RHSA-2005-386.html
- http://www.securityfocus.com/bid/13211
- http://www.securityfocus.com/bid/15495
- https://bugzilla.mozilla.org/show_bug.cgi?id=290037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/14938
- http://secunia.com/advisories/14992
- http://secunia.com/advisories/14996
- http://www.mikx.de/firesearching/
- http://www.mozilla.org/security/announce/mfsa2005-38.html
- http://www.redhat.com/support/errata/RHSA-2005-383.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.redhat.com/support/errata/RHSA-2005-386.html
- http://www.securityfocus.com/bid/13211
- http://www.securityfocus.com/bid/15495
- https://bugzilla.mozilla.org/show_bug.cgi?id=290037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961
Products affected by CVE-2005-1157
-
cpe:2.3:a:mozilla:firefox:0.10
-
cpe:2.3:a:mozilla:firefox:0.10.1
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:firefox:1.0
-
cpe:2.3:a:mozilla:firefox:1.0.1
-
cpe:2.3:a:mozilla:firefox:1.0.2
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:a:mozilla:mozilla:1.4.1
-
cpe:2.3:a:mozilla:mozilla:1.5
-
cpe:2.3:a:mozilla:mozilla:1.5.1
-
cpe:2.3:a:mozilla:mozilla:1.6
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3
-
cpe:2.3:a:mozilla:mozilla:1.7.5
-
cpe:2.3:a:mozilla:mozilla:1.7.6
-
cpe:2.3:a:netscape:navigator:7.2