Back to search
CVE-2005-1477
Published: May 9, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
x_refsource_MISC
oval:org.mitre.oval:def:9231
vdb-entry
signature
x_refsource_OVAL
RHSA-2005:435
vendor-advisory
x_refsource_REDHAT
1013913
vdb-entry
x_refsource_SECTRACK
15292
third-party-advisory
x_refsource_SECUNIA
15495
vdb-entry
x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
x_refsource_MISC
20050508 Firefox Remote Compromise Technical Details
mailing-list
x_refsource_FULLDISC
oval:org.mitre.oval:def:100001
vdb-entry
signature
x_refsource_OVAL
13544
vdb-entry
x_refsource_BID
http://greyhatsecurity.org/vulntests/ffrc.htm
x_refsource_MISC
http://www.mozilla.org/security/announce/mfsa2005-42.html
x_refsource_CONFIRM
mozilla-javascript-code-execution(20443)
vdb-entry
x_refsource_XF
http://greyhatsecurity.org/firefox.htm
x_refsource_MISC
RHSA-2005:434
vendor-advisory
x_refsource_REDHAT
ADV-2005-0493
vdb-entry
x_refsource_VUPEN
VU#648758
third-party-advisory
x_refsource_CERT-VN
20050508 Firefox Remote Compromise Leaked
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now