Vulnerability Details CVE-2005-1532
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.174
EPSS Ranking 94.8%
CVSS Severity
CVSS v2 Score 7.5
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/19823
- http://securitytracker.com/id?1013964
- http://securitytracker.com/id?1013965
- http://www.mozilla.org/security/announce/mfsa2005-44.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/13645
- http://www.securityfocus.com/bid/15495
- http://www.vupen.com/english/advisories/2005/0530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/19823
- http://securitytracker.com/id?1013964
- http://securitytracker.com/id?1013965
- http://www.mozilla.org/security/announce/mfsa2005-44.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/13645
- http://www.securityfocus.com/bid/15495
- http://www.vupen.com/english/advisories/2005/0530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
Products affected by CVE-2005-1532
-
cpe:2.3:a:mozilla:firefox:0.10
-
cpe:2.3:a:mozilla:firefox:0.10.1
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:firefox:1.0
-
cpe:2.3:a:mozilla:firefox:1.0.1
-
cpe:2.3:a:mozilla:firefox:1.0.2
-
cpe:2.3:a:mozilla:firefox:1.0.3
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:a:mozilla:mozilla:1.4.1
-
cpe:2.3:a:mozilla:mozilla:1.5
-
cpe:2.3:a:mozilla:mozilla:1.5.1
-
cpe:2.3:a:mozilla:mozilla:1.6
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3
-
cpe:2.3:a:mozilla:mozilla:1.7.5
-
cpe:2.3:a:mozilla:mozilla:1.7.6
-
cpe:2.3:a:mozilla:mozilla:1.7.7